Lab 3 Part 2 - Configuring AAA Authentication on Routers (FT)

School: Institute of Technology, Blanchardstown
Course: COMP H1015
Subject: Computer Science
Date: Dec 18, 2024
Uploaded by CountAntMaster798
Topology

[Topology diagram]

Addressing Table

Device                 Interface  IP Address    Subnet Mask      Default Gateway  Switch Port
R1                     G0/0       10.1.1.1      255.255.255.252  N/A              N/A
R1                     G0/1       192.168.1.1   255.255.255.0    N/A              S1 F0/5
R2                     G0/0       10.1.1.2      255.255.255.252  N/A              N/A
R2                     G0/1       10.2.2.2      255.255.255.252  N/A              N/A
R3                     G0/0       10.2.2.1      255.255.255.252  N/A              N/A
R3                     G0/1       192.168.3.1   255.255.255.0    N/A              S3 F0/5
PC-A                   NIC        192.168.1.3   255.255.255.0    192.168.1.1      S1 F0/6
RADIUS Server on PC-A  NIC        192.168.1.11  255.255.255.0    192.168.1.1      N/A
PC-C                   NIC        192.168.3.3   255.255.255.0    192.168.3.1      S3 F0/18

Objectives

Part 1: Configure Basic Device Settings
Part 2: Configure Centralized Authentication Using AAA and RADIUS
- Enable AAA.
- Configure the default login authentication list.
- Specify a RADIUS server.
Part 3: Configure Centralized Authentication Using AAA and RADIUS
- Test the AAA RADIUS configuration.
- Change the RADIUS port numbers

Background / Scenario

The most basic form of router access security is to create passwords for the console, vty, and aux lines. A user is prompted for only a password when accessing the router. Configuring a privileged EXEC mode secret password further improves security, but still only a basic password is required for each mode of access. Local databases with usernames with varying privilege levels can also be used and the users will be prompted for usernames and passwords to access the devices.

In addition to basic passwords and local authentication, additional control over the login process can be achieved using authentication, authorization, and accounting (AAA). For basic authentication, AAA can be configured to access the local database for user logins, and fallback procedures can also be defined. However, this approach is not very scalable because it must be configured on every router. To take full advantage of AAA and achieve maximum scalability, AAA is used in conjunction with an external TACACS+ or RADIUS server database. When a user attempts to log in, the router references the external server database to verify that the user is logging in with a valid username and password.

In this lab, you build a multi-router network and configure the routers and hosts. You will access RADIUS software on an external computer and use AAA to authenticate users with the RADIUS server.

Note: The routers used with hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.6 (universalk9 image). The switches used in the labs are Cisco Catalyst 2960+ with Cisco IOS Release 15.2(7) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Before you begin, ensure that the routers and the switches have been erased and have no startup configurations.

Required Resources

- 3 Routers (Cisco 4221 with Cisco XE Release 16.9.6 universal image or comparable with a Security Technology Package license)
- 2 Switches (Cisco 2960+ with Cisco IOS Release 15.2(7) lanbasek9 image or comparable)
- 2 PCs (Windows OS with a terminal emulation application and virtualization software, such as VirtualBox installed)
- 1 Security Workstation Virtual Machine with RADIUS server already installed
- Console cables to configure Cisco networking devices
- Ethernet cables as shown in the topology

Instructions

Part 1: Configure Basic Device Settings

In this part, you set up the network topology and configure basic settings, such as the interface IP addresses, static routing, device access, and passwords.

The initial router configurations are provided and the configurations for the switches are optional.

Step 1: Cable the network as shown in the topology.

Attach the devices as shown in the topology diagram, and then cable as necessary.

Note: The switches are optional in the topology and can be ignored.

Step 2: Load the configurations.

In this step, you will copy and paste the configurations into each router.

Router R1

    enable
    config terminal
    no ip domain lookup
    enable algorithm-type sha256 secret cisco12345
    username admin privilege 15 algorithm-type sha256 secret cisco12345
    host R1
    interface GigabitEthernet0/0
    ip address 10.1.1.1 255.255.255.252
    no shutdown
    interface GigabitEthernet0/1
    ip address 192.168.1.1 255.255.255.0
    no shutdown
    router ospf 1
    passive-interface GigabitEthernet0/1
    network 10.1.1.0 0.0.0.3 area 0
    network 192.168.1.0 0.0.0.255 area 0
    ip route 0.0.0.0 0.0.0.0 10.1.1.2
    line con 0
    logging synchronous
    exec-timeout 5 0
    line aux 0
    exec-timeout 5 0
    line vty 0 15
    exec-timeout 5 0
    end

Router R2

    enable
    config terminal
    no ip domain lookup
    host R2
    enable algorithm-type sha256 secret cisco12345
    username user01 algorithm-type sha256 secret user01pass
    username admin privilege 15 algorithm-type sha256 secret cisco12345
    ip domain-name netsec.com
    interface GigabitEthernet0/0
    ip address 10.1.1.2 255.255.255.252
    no shutdown
    interface GigabitEthernet0/1
    ip address 10.2.2.2 255.255.255.252
    no shutdown
    router ospf 1
    passive-interface GigabitEthernet0/1
    network 10.1.1.0 0.0.0.3 area 0
    network 192.168.1.0 0.0.0.255 area 0
    ip route 192.168.1.0 255.255.255.0 10.1.1.1
    ip route 192.168.3.0 255.255.255.0 10.2.2.1
    line con 0
    login local
    logging synchronous
    exec-timeout 5 0
    line aux 0
    login local
    exec-timeout 5 0
    line vty 0 15
    login local
    exec-timeout 5 0
    transport input ssh
    crypto key generate rsa general-key modulus 1024
    end

Router R3

    enable
    config terminal
    no ip domain lookup
    enable secret cisco12345
    username admin privilege 15 secret cisco12345
    ip domain-name netsec.com
    host R3
    interface GigabitEthernet0/0
    ip address 10.2.2.1 255.255.255.252
    no shutdown
    interface GigabitEthernet0/1
    ip address 192.168.3.1 255.255.255.0
    no shutdown
    router ospf 1
    passive-interface GigabitEthernet0/1
    network 10.1.1.0 0.0.0.3 area 0
    network 192.168.1.0 0.0.0.255 area 0
    ip route 0.0.0.0 0.0.0.0 10.2.2.2
    line con 0
    logging synchronous
    exec-timeout 5 0
    line aux 0
    exec-timeout 5 0
    line vty 0 15
    exec-timeout 5 0
    end

Step 3: Configure the PCs.

PC-A will function as the RADIUS server for this lab. A virtual machine with a RADIUS server is set up for use in this course. You can deploy the virtual machine on PC-A by following the instructions in the Appendix if you have not done so already. (The alternative would be to download, install, and configure a RADIUS server directly onto PC-A.)

a. Assign the IP address and default gateway on PC-C according to the Addressing Table.

b. If you have not already deployed the virtual machine Security Workstation VM, please go to the Appendix at the end of the lab sheet.

c. Start VirtualBox and verify that the Security Workstation is using the Bridged Adapter in the Network Settings.

d. Start the Security Workstation VM. Log into the VM as sec_admin with the password net_secPW. Select the user sec_admin from the dropdown list if necessary.

e. From the menu bar at the bottom of the Desktop, click Terminal Emulator.

f. Within the terminal emulator window, you will configure this virtual machine with an IP address of 192.168.1.11 by running a script. When prompted for a password, use the password net_secPW.

    [sec_admin@Workstation ~]$ cd ~/lab.support.files/scripts/
    [sec_admin@Workstation scripts]$ ./configure_as_static.sh
    [sudo] password for sec_admin:
    Configuing the NIC as:
    IP: 192.168.1.11/24
    GW: 192.168.1.1
    IP Configuration successful.

g. Enter ip addr at the prompt to verify the assigned static IP address on Security Workstation VM.

    [sec_admin@Workstation scripts]$ ip addr
    <output omitted>
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 00:50:56:9c:c5:37 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.11/24 brd 192.168.1.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::250:56ff:fe9c:5248/64 scope link
           valid_lft forever preferred_lft forever

h. Ping the gateway IP address (R1's G0/0, 192.168.1.1) from Security Workstation VM.

    [sec_admin@Workstation scripts]$ ping -c 4 192.168.1.1
    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.605 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.661 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=0.654 ms
    64 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=0.641 ms

    --- 192.168.1.1 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3042ms
    rtt min/avg/max/mdev = 0.605/0.640/0.661/0.021 ms

Step 4: Verify connectivity.

Test connectivity by pinging from Security Workstation VM to PC-C. If the pings are not successful, troubleshoot the router and PC configurations until they are.

Part 2: Configure Local Authentication Using AAA on R3

Step 1: Configure the local user database.

a. Create a local user account with PBKDF2 hashing to protect the stored password.

    R3(config)# username Admin01 privilege 15 algorithm-type sha256 secret Admin01pass

b. Exit global configuration mode and display the running configuration.

QUESTION 1
Can you read the user’s password? ________________________

QUESTION 2
What number is displayed before their password? ________________________

Step 2: Enable AAA services.

In this step you will enable AAA services globally on R3. Because you are implementing local authentication, you will configure local authentication as the only method.

If you were using an authentication method with a remote server, such as TACACS+ or RADIUS, you would configure a secondary authentication method for fallback if the server is unreachable. Normally, the secondary method is the local database.

a. From global configuration mode on R3, enter the command aaa authentication login TEST enable.

    R3(config)# aaa authentication login TEST enable

QUESTION 3
Was the command successful? ______________________

b. Enable AAA on R3 using the aaa new-model command in global configuration mode.

Step 3: Implement AAA services for console access using the local database.

a. Configure AAA authentication for logins to use the local database by default using the aaa authentication login default method1 [method2] [method3] command. Ensure the login entries are case sensitive.

    R3(config)# aaa authentication login default local-case

Note: If you do not set up a default login authentication list, you could get locked out of the router and be forced to use the password recovery procedure for your specific router.

Note: The local-case parameter is used to make usernames case-sensitive.

b. Exit to the initial router screen that displays:

    R3 con0 is now available
    Press RETURN to get started.

Log in to the console as Admin01 with a password of Admin01pass. Remember that usernames and passwords are both case-sensitive.

Note: If your session with the console port of the router times out, you might have to log in using the default authentication list.

c. Exit to the initial router screen that displays:

Step 4: Configure domain name and crypto key for use with SSH.

a. Use netsecurity.com as the domain name on R3.

b. Create an RSA crypto key using 1024 bits.

Step 5: Create an AAA authentication profile for SSH using the local database.

a. Create a unique authentication list for SSH access to the router. This will not have a fallback for authentication, so if there are no usernames in the local database, SSH access is disabled. To create an authentication profile that is not the default, specify a list name of SSH_LINES and apply it to the vty lines. The logins do not need to be case sensitive.

b. Verify that this authentication profile is used by opening an SSH session from PC-C to R3. Log in as Admin01 with a password of Admin01pass.

c. Exit the SSH session.

d. Try connecting to R3 from PC-C a second time using SSH but this time use different cases for the username/password (e.g. aDMin01).

QUESTION 4
Was the SSH connection successful? ______________________

Part 3: Observe AAA Authentication Using Cisco IOS Debug

In this part, you use the debug command to observe successful and unsuccessful authentication attempts.

Step 1: Verify that the system clock and debug time stamps are configured correctly.

a. From the R3 user or privileged EXEC mode prompt, use the show clock command to determine what the current time is for the router. If the time and date are incorrect, set the time from privileged EXEC mode with the command clock set HH:MM:SS DD month YYYY. An example is provided here for R3.

    R3# clock set 14:15:00 15 February 2023

b. Verify that detailed time-stamp information is available for your debug output using the show run command. This command displays all lines in the running config that include the text “timestamps”.

    R3# show run | include timestamps
    service timestamps debug datetime msec
    service timestamps log datetime msec

c. If the service timestamps debug command is not present, enter it in global config mode.

    R3(config)# service timestamps debug datetime msec
    R3(config)# exit

Step 2: Use debug to verify user access.

a. Activate debugging for AAA authentication.

    R3# debug aaa authentication
    AAA Authentication debugging is on

b. Start an SSH session from R2 to R3. Log in with username Admin01 and password Admin01pass.

    R2# ssh -l Admin01 10.2.2.1

c. Navigate back to R3. Observe the AAA authentication events in the console session window. Debug messages similar to the following should be displayed.

    R3#
    Feb 3 14:15:57.653: AAA/BIND(00000FB5): Bind i/f
    Feb 3 14:15:57.653: AAA/AUTHEN/LOGIN (00000FB5): Pick method list 'SSH_LINES'
    R3#
    Feb 3 14:16:01.966: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: Admin01] [Source: 10.2.2.2] [localport: 22] at 14:16:01 UTC Wed Feb 3 2021

d. From the SSH window on R2, enter privileged EXEC mode. Use the enable secret password of cisco12345. Debug messages similar to the following should be displayed. In the third entry, note the username (Admin01), virtual port number (tty866), and remote SSH client address (10.2.2.2). Also note that the last status entry is “PASS.”

    Feb 3 14:19:51.146: AAA: parse name=tty866 idb type=-1 tty=-1
    Feb 3 14:19:51.146: AAA: name=tty866 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=866 channel=0
    Feb 3 14:19:51.146: AAA/MEMORY: create_user (0x7FD084CE0FF0) user='Admin01' ruser='NULL' ds0=0 port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
    Feb 3 14:19:51.146: AAA/AUTHEN/START (402765494): port='tty866' list='' action=LOGIN service=ENABLE
    Feb 3 14:19:51.146: AAA/AUTHEN/START (402765494): non-console enable - default to enable password
    Feb 3 14:19:51.147: AAA/AUTHEN/START (402765494): Method=ENABLE
    R3#
    Feb 3 14:19:51.147: AAA/AUTHEN (402765494): status = GETPASS
    R3#
    Feb 3 14:19:54.156: AAA/AUTHEN/CONT (402765494): continue_login (user='(undef)')
    Feb 3 14:19:54.156: AAA/AUTHEN (402765494): status = GETPASS
    Feb 3 14:19:54.156: AAA/AUTHEN/CONT (402765494): Method=ENABLE
    Feb 3 14:19:54.259: AAA/AUTHEN (402765494): status = PASS
    Feb 3 14:19:54.259: AAA/MEMORY: free_user (0x7FD084CE0FF0) user='NULL' ruser='NULL' port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

e. From the SSH window, exit privileged EXEC mode using the disable command. Try to enter privileged EXEC mode again, but use a bad password this time. Observe the debug output on R3, noting that the status is “FAIL” this time.

    Feb 3 14:24:20.274: AAA: parse name=tty866 idb type=-1 tty=-1
    Feb 3 14:24:20.274: AAA: name=tty866 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=866 channel=0
    Feb 3 14:24:20.274: AAA/MEMORY: create_user (0x7FD08991D130) user='Admin01' ruser='NULL' ds0=0 port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
    Feb 3 14:24:20.274: AAA/AUTHEN/START (1943266075): port='tty866' list='' action=LOGIN service=ENABLE
    Feb 3 14:24:20.274: AAA/AUTHEN/START (1943266075): non-console enable - default to enable password
    Feb 3 14:24:20.274: AAA/AUTHEN/START (1943266075): Method=ENABLE
    R3#
    Feb 3 14:24:20.275: AAA/AUTHEN (1943266075): status = GETPASS
    R3#
    Feb 3 14:24:22.276: AAA/AUTHEN/CONT (1943266075): continue_login (user='(undef)')
    Feb 3 14:24:22.276: AAA/AUTHEN (1943266075): status = GETPASS
    Feb 3 14:24:22.276: AAA/AUTHEN/CONT (1943266075): Method=ENABLE
    Feb 3 14:24:22.379: AAA/AUTHEN(1943266075): password incorrect
    Feb 3 14:24:22.379: AAA/AUTHEN (1943266075): status = FAIL
    Feb 3 14:24:22.379: AAA/MEMORY: free_user (0x7FD08991D130) user='NULL' ruser='NULL' port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
    R3#

f. Exit the SSH session to the router R3. Then try to open an SSH session to the router again, but this time try to log in with the username Admin01 and a bad password. From the console window, the debug output should look similar to the following.

    Feb 3 14:26:40.960: AAA/BIND(00000FB9): Bind i/f
    Feb 3 14:26:40.960: AAA/AUTHEN/LOGIN (00000FB9): Pick method list 'SSH_LINES'

g. Turn off all debugging using the undebug all command at the privileged EXEC prompt.

Part 4: Configure Centralized Authentication Using AAA and RADIUS

In this part, you will configure R1 to use AAA services to authenticate users. The RADIUS server is already configured with one user RadUser with the password RadUserpass and the secret shared key $trongKey.

Step 1: Enable AAA on R1.

Open a console on R1 and enable AAA globally.

Step 2: Configure a backup local database entry called Admin.

For backup purposes, configure a local username of Admin2 and a secret password of admin2pa55.

Step 3: Configure the default login authentication list.

Configure the list to first use RADIUS for the authentication service, and then the local database as a fallback (not case sensitive). If no RADIUS server can be reached, the router will attempt to authenticate the user using the local database. This is a safeguard measure in case the router starts up without connectivity to an active RADIUS server.

Note: If you do not set up a default login authentication list, you could get locked out of the router and need to use the password recovery procedure for your specific router.

Step 4: Specify a RADIUS server.

a. Use the radius server command to enter RADIUS server configuration mode.

    R1(config)# radius server NetSec

b. Use the ? to view the sub-mode commands available for configuring a RADIUS server.

    R1(config-radius-server)# ?
    RADIUS server sub-mode commands:
      address          Specify the radius server address
      automate-tester  Configure server automated testing.
      backoff          Retry backoff pattern(Default is retransmits with constant delay)
      exit             Exit from RADIUS server configuration mode
      key              Per-server encryption key
      no               Negate a command or set its defaults
      non-standard     Attributes to be parsed that violate RADIUS standard
      pac              Protected Access Credential key
      retransmit       Number of retries to active server (overrides default)
      timeout          Time to wait (in seconds) for this radius server to reply (overrides default)

c. Use the address command to configure the IP address of the RADIUS server.

    R1(config-radius-server)# address ipv4 192.168.1.11

d. The key command is used for the secret password that is shared between the RADIUS server and the router (R1 in this case) and is used to authenticate the connection between the router and the server before the user authentication process takes place. Use the secret password of $trongPass that has been configured on the Radius server. Remember that passwords are case-sensitive.

    R1(config-radius-server)# key $trongPass
    R1(config-radius-server)# end

Note: For the purposes of this lab, an unencrypted password is configured. In the future, IOS will require encrypted passwords.

Part 5: Test the AAA RADIUS Configuration.

Step 1: Start the RADIUS Server and verify operation.

a. At the Security Workstation terminal, start the RADIUS server by entering the sudo systemctl start freeradius.service command. Enter the password net_secPW as necessary.

    [sec_admin@Workstation ~]$ sudo systemctl start freeradius.service

b. To verify that the server is running, enter the command sudo systemctl status freeradius.service at the terminal prompt.

    [sec_admin@Workstation ~]$ sudo systemctl status freeradius.service
    ● freeradius.service - FreeRADIUS high performance RADIUS server.
       Loaded: loaded (/usr/lib/systemd/system/freeradius.service; disabled; vendor preset: disabled)
       Active: active (running) since Sun 2021-02-14 22:14:07 EST; 18min ago
         Docs: man:radiusd(8)
               man:radiusd.conf(5)
               https://wiki.freeradius.org/Home
               https://networkradius.com/freeradius-documentation/
      Process: 890 ExecStartPre=/usr/bin/radiusd -C (code=exited, status=0/SUCCESS)
      Process: 893 ExecStart=/usr/bin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
     Main PID: 895 (radiusd)
        Tasks: 6 (limit: 1113)
       Memory: 77.5M
       CGroup: /system.slice/freeradius.service
               └─895 /usr/bin/radiusd -d /etc/raddb

    Feb 14 22:14:07 Workstation systemd[1]: Starting FreeRADIUS high performance RADIUS server....
    Feb 14 22:14:07 Workstation systemd[1]: Started FreeRADIUS high performance RADIUS server..

Step 2: Test your configuration.

You can test and verify your RADIUS server configurations on your router before exiting the router by using the test aaa command. The output message indicates that there is no authoritative response from the RADIUS server.

    R1# test aaa group radius RadUser RadUserpass legacy
    Attempting authentication test to server-group radius using radius
    No authoritative response from any server

Messages similar to the following may also display after the attempted tests, indicating that the RADIUS server at 192.168.1.11 is not communicating with the router.

    *Feb 15 02:30:26.504: %RADIUS-4-RADIUS_DEAD: RADIUS server 192.168.1.11:1645,1646 is not responding.
    *Feb 15 02:30:26.504: %RADIUS-4-RADIUS_ALIVE: RADIUS server 192.168.1.11:1645,1646 is being marked alive.

Step 3: Troubleshoot router-to-RADIUS server communication.

The show radius server-group radius command indicates that the router is using UDP ports 1645 and 1646 for communications.

    R1# show radius server-group radius
    Server group radius
        Sharecount = 1  sg_unconfigured = FALSE
        Type = standard  Memlocks = 1
        Server(192.168.1.11:1645,1646) Transactions:
        Authen: 32      Author: 0       Acct: 0
        Server_auto_test_enabled: FALSE
        Keywrap enabled: FALSE

RFC 2865 officially assigned port numbers 1812 and 1813 for RADIUS. This indicates that the router and RADIUS server are not communicating on the same ports.

Step 4: Change the RADIUS port numbers on R1 to match the RADIUS server.

Unless specified otherwise, the Cisco IOS RADIUS configuration defaults to UDP port numbers 1645 and 1646. Either the router Cisco IOS port numbers must be changed to match the port number of the RADIUS server or the RADIUS server port numbers must be changed to match the port numbers of the Cisco IOS router.

a. Re-issue the address sub-mode command. This time specify port numbers 1812 and 1813, along with the IPv4 address.

    R1(config)# radius server NetSec
    R1(config-radius-server)# address ipv4 192.168.1.11 auth-port 1812 acct-port 1813

b. Test the router to RADIUS server communications again by using the test aaa command.

    R1# test aaa group radius RadUser RadUserpass legacy
    Attempting authentication test to server-group radius using radius
    User was successfully authenticated.

Step 5: Test your configuration by logging into the console on R1.

a. Exit to the initial router screen that displays: R1 con0 is now available, Press RETURN to get started.

b. Log in again with the username of RadUser and password of RadUserpass.

QUESTION 5
Were you able to login? Was there any delay this time? ______________________

Step 6: Create an authentication method list for SSH and test it.

a. Log back into R1 as necessary.

b. Create a unique authentication method list for SSH access to the router. This does not have the fallback of no authentication, so if there is no access to the RADIUS server, SSH access is disabled. Name the authentication method list SSH_LINES.

    R1(config)# aaa authentication login SSH_LINES group radius

c. Apply the list to the vty lines on the router using the login authentication command.

    R1(config)# line vty 0 15
    R1(config-line)# login authentication SSH_LINES

d. Establish an SSH session from PC-C to R1 (10.1.1.1) and log in with the username RadUser and the password of RadUserpass. Were you able to gain access to log in? Explain.

Appendix - Importing the Virtual Machine into the VirtualBox Inventory

This appendix describes importing the virtual machine image into VirtualBox and starting the virtual machine.

Step 1: Import the virtual machine file into VirtualBox.

a. Open VirtualBox. Click File > Import Appliance... to import the virtual machine image.

b. In the Appliance to import window, specify the location of the .OVA file and click Next.

c. The Appliance window presents the settings suggested in the OVA archive. Review the default settings and change if necessary. Normally, the default settings are appropriate. Click Import to continue.

d. When the import process is complete, you will see the new Virtual Machine added to the VirtualBox inventory in the left panel. The virtual machine is now ready to use.

Step 2: Start the virtual machine and log in.

a. Click the Security Workstation virtual machine.

b. Click the green arrow Start button at the top portion of the VirtualBox application window. If you get the following error dialog box, click Change Network Settings and set your Bridged Adapter. Click the dropdown list next to the Name and choose your network adapter (this will vary for each computer).

c. Click OK. A new window will appear and the virtual machine boot process will start.

d. When the boot process is complete, the virtual machine will ask for a username and password. Select sec_admin in the drop-down menu.

Use the following credentials to log in to the virtual machine:

    Username: sec_admin
    Password: net_secPW

You will be presented with a desktop environment with a launcher bar at the bottom, icons on the desktop, and an application menu at the top.

Note: Notice the keyboard and mouse focus. When you click inside the virtual machine window, your mouse and keyboard will operate the guest operating system. Your host operating system will no longer detect keystrokes or mouse movements. Move your mouse outside of the VirtualBox window to control your host operating system. If you are unable to move the mouse out of the VirtualBox window, press the right CTRL key to return keyboard and mouse focus to the host operating system.

Step 3: Familiarize yourself with the Virtual Machine.

The virtual machine that you just installed will be used to complete several of the labs in this course. Familiarize yourself with the icons in the list below:

The launcher bar icons are (from left to right):

- Show the desktop
- Terminal emulator
- File manager application
- Web browser application (Firefox)
- File search tool
- Current user's home directory

Open the Terminal Emulator application. Type ip address at the prompt to determine the IP address of your virtual machine. The output should show that the Ethernet interface has been assigned an IP address in the 10.0.2.0/24 network.

    [sec_admin@Workstation ~]$ ip address
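
Added example for Part 3, Step 2 (not part of the original lab): a Python parser that correlates the debug aaa authentication lines by port and session ID and reports the final PASS or FAIL of each attempt with its user, source address and service. The sample lines are copied from the debug output shown in Part 3; the function names parse_aaa_debug and failed_attempts are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the Part 3 debug output (one good and one bad enable attempt).
SAMPLE_DEBUG = """\
Feb 3 14:19:51.146: AAA/MEMORY: create_user (0x7FD084CE0FF0) user='Admin01' ruser='NULL' ds0=0 port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Feb 3 14:19:51.146: AAA/AUTHEN/START (402765494): port='tty866' list='' action=LOGIN service=ENABLE
Feb 3 14:19:51.147: AAA/AUTHEN (402765494): status = GETPASS
Feb 3 14:19:54.259: AAA/AUTHEN (402765494): status = PASS
Feb 3 14:24:20.274: AAA/MEMORY: create_user (0x7FD08991D130) user='Admin01' ruser='NULL' ds0=0 port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Feb 3 14:24:20.274: AAA/AUTHEN/START (1943266075): port='tty866' list='' action=LOGIN service=ENABLE
Feb 3 14:24:22.379: AAA/AUTHEN(1943266075): password incorrect
Feb 3 14:24:22.379: AAA/AUTHEN (1943266075): status = FAIL
Feb 3 14:24:22.379: AAA/MEMORY: free_user (0x7FD08991D130) user='NULL' ruser='NULL' port='tty866' rem_addr='10.2.2.2' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
"""

TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\.\d+): "
CREATE = re.compile(
    TS + r"AAA/MEMORY: create_user .*?user='(?P<user>[^']*)'.*?port='(?P<port>[^']*)'"
    r".*?rem_addr='(?P<addr>[^']*)'.*?service=(?P<service>\S+)"
)
START = re.compile(TS + r"AAA/AUTHEN/START \((?P<sid>\d+)\): port='(?P<port>[^']*)'")
STATUS = re.compile(TS + r"AAA/AUTHEN\s*\((?P<sid>\d+)\): status = (?P<status>PASS|FAIL)\b")


def parse_aaa_debug(text):
    """Return one dict per finished attempt: time, session, status, user, src, service, port."""
    by_port, sessions, events = {}, {}, []
    for line in text.splitlines():
        if m := CREATE.search(line):
            # create_user carries who and from where, keyed by the tty port.
            by_port[m["port"]] = {"user": m["user"], "src": m["addr"], "service": m["service"]}
        elif m := START.search(line):
            # The first START line ties the numeric session ID to that port.
            sessions[m["sid"]] = dict(by_port.get(m["port"], {}), port=m["port"])
        elif m := STATUS.search(line):
            # GETPASS is an intermediate state; only PASS and FAIL end an attempt.
            context = sessions.pop(m["sid"], {})
            events.append({"time": m["ts"], "session": m["sid"], "status": m["status"], **context})
    return events


def failed_attempts(events):
    """Count FAIL results per (source address, user, service)."""
    return dict(Counter(
        (e.get("src", "?"), e.get("user", "?"), e.get("service", "?"))
        for e in events if e["status"] == "FAIL"
    ))


if __name__ == "__main__":
    for event in parse_aaa_debug(SAMPLE_DEBUG):
        print(event)
    print(failed_attempts(parse_aaa_debug(SAMPLE_DEBUG)))
```

The regular expressions use search rather than match, so lines that carry a leading prompt such as R3# or a leading * before the timestamp are still parsed.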