background image
394 Chapter 12: Using AAA to Scale Access Control in an Expanding Network
Scenario Answers
The answers provided in this section are not necessarily the only possible correct answers. They
merely represent one possibility for the scenario. The intention is to test your base knowledge
and understanding of the concepts discussed in this chapter.
Should your answers be different (as they possibly will be), consider the differences. Are your
answers in line with the concepts of the answers provided and explained here? If not, go back
and read the chapter again, focusing on the sections related to the problem scenario.
Scenario 12-1 Answers
1
The router configuration given an AAA address of 123.123.123.123 using a password of
AAAsecret would be as follows:
Router(config)#aaa new-model
Router(config)#radius-server host 123.123.123.123
Router(config)#radius-server key AAAsecret
Router(config)#aaa authentication login admins radius local
Router(config)#aaa authentication login default radius
Router(config)#aaa authentication ppp default radius
Router(config)#aaa accounting command 15 wait-start radius
Router(config)#line 1 5
Router(config-line)#aaa authentication admins
Router(config)#line con 0
Router(config-line)#aaa authentication admins
Router(config)#line aux 0
Router(config-line)#aaa authentication admins
2
To allow access to a group of users that will be accessing a Novell service using the NASI
client software, you would add the following command to your original configuration:
Router(config)#aaa authentication nasi default radius
3
To allow the database to track the connection time for all PPP users, you would add the
following command to your original configuration:
Router(config)#aaa accounting connection start-stop radius