Zabezpieczenia – uwierzytelnianie AAA RADIUS

Sieć: zabezpieczenia – uwierzytelnianie AAA RADIUS.

Projekt sieci składającej się z 3 routerów przedstawiającej podstawowe zabezpieczenia sieci jak i uwierzytelnianie AAA oraz RADIUS.

Konfiguracje routerów:

Router 1

Current configuration : 1653 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security passwords min-length 10
logging message-counter syslog
enable secret 5 $1$g0jV$1xTWuPLPWTkn49PQJQeJl/
!
aaa new-model
!
!
aaa authentication login default group radius none
aaa authentication login TELNET_LINES group radius
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username user01 secret 5 $1$aj2R$VjTE.IWmIzwopyWDKS38J/
username admin privilege 15 secret 5 $1$BVUP$XGttoTe6ltRgCDgOZ5CRs.
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
ip address 10.1.1.1 255.255.255.252
no fair-queue
clock rate 64000
!
interface Serial0/1/1
no ip address
shutdown
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
ip http server
ip http authentication local
no ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
banner motd ^CNie wchodz tu^C
!
line con 0
exec-timeout 5 0
password 7 14141B180F0B29242A38322631
logging synchronous
line aux 0
exec-timeout 5 0
password 7 060506324F41080C1D0713181F
line vty 0 4
exec-timeout 5 0
password 7 14141B180F0B3C3F3D38322631
login authentication TELNET_LINES
!
scheduler allocate 20000 1000
end

Router 2

Current configuration : 1235 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1/0
ip address 10.1.1.2 255.255.255.252
no fair-queue
!
interface Serial0/1/1
ip address 10.2.2.2 255.255.255.252
clock rate 64000
!
interface Serial0/2/0
no ip address
shutdown
clock rate 125000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 125000
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 10.1.1.1
ip route 192.168.3.0 255.255.255.0 10.2.2.1
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Router 3

Current configuration : 1744 bytes
!
! Last configuration change at 13:22:34 UTC Thu Mar 26 2015 by Admin01
! NVRAM config last updated at 13:22:43 UTC Thu Mar 26 2015 by Admin01
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
security passwords min-length 10
logging message-counter syslog
enable secret 5 $1$A/Og$5gAcviwhmM8LeH9Nl.eFX1
!
aaa new-model
!
!
aaa authentication login default local none
aaa authentication login TELNET_LINES local
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username user01 secret 5 $1$hNkp$COIfTNHLOAnhTHd2IqTmW0
username Admin01 privilege 15 secret 5 $1$GLgB$eG/4qKRapqRe.NKa5VHLl.
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 125000
!
interface Serial0/1/1
ip address 10.2.2.1 255.255.255.252
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.2.2.2
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
!
!
banner motd ^C Taki banner ze hoho^C
!
line con 0
exec-timeout 5 0
password 7 1511021F0725282B2623343100
logging synchronous
line aux 0
exec-timeout 5 0
password 7 1511021F07252A313023343100
line vty 0 4
exec-timeout 5 0
password 7 045802150C2E5A5A1009040401
login authentication TELNET_LINES
!
scheduler allocate 20000 1000
end

Sprzęt komputerowy Zabezpieczenia Zarządzanie siecią