HostedDB - Dedicated UNIX Servers
index_150
Router Security Configuration Guide UNCLASSIFIED 150 UNCLASSIFIED Version 1.0g Central LAN 2 14.2.9.0/24 Facility Network 14.1.0.0/16 14.2.9.250 14.1.15.250 South Protected Enclave 14.2.10.0/24 14.2.9.64/24 14.2.10.64 East LAN 1 14.2.6.0/24 14.1.1.20 14.2.6.250 Authentication Server 14.2.6.18 eth 0 eth 1 eth 0/0 eth 0/1 eth 0/0 eth 0/1 Figure 4-9: Routers and their Authentication Server Authorization will not be used in these examples since all the administrators in these examples need configuration access and there is no dial-in access.  For a more complete example, including authorization and some discussion of dial-in security concerns, see Section 4.6.3. Central Router Configuration: Central(config)# enable secret 3rRsd$y Central(config)# username fredadmin password d$oyTld1 Central(config)# username bethadmin password hs0o3TaG Central(config)# username johnadmin password an0!h3r( Central(config)# service password-encryption Central(config)# banner motd ^T . . ^T Central(config)# radius-server host 14.2.6.18 Central(config)# radius-server key i*Ma5in@u9p#s5wD Central(config)# aaa new-model Central(config)# aaa authentication login default radius local Central(config)# aaa accounting exec default start-stop radius Central(config)# aaa accounting exec remoteacc wait-start radius Central(config)# aaa accounting connection default start-stop radius Central(config)# access-list 91 permit 14.2.9.0 0.0.0.255 log Central(config)# access-list 91 deny any log