Module 2 - Lab 3 - User Accounts and Authentication Methods

As a network engineer, you have been given a task to connect a new switch to an existing network. The switch will be used to expand the network and increase its capacity. However, before the switch can be used, it needs to be set up to use RADIUS authentication so that a technician can log in using the credentials they received earlier.  

Step 1: Log in with the default privileges to the switch and check the AAA configuration:
There is an existing RADIUS server called that is used for authentication in the network. Log in to the and AAA configuration.

Step 2: Add RADIUS configuration on SW1 switch:
Add the RADIUS configuration on the switch and verify the configuration.

SERVER1 RADIUS: 
IP: 10.10.1.200, auth-type (default PAP), auth-port (default 1812), RADIUS key Radius2Open 

Step 3: Set it as the default login option:

Set RADIUS authentication as the default login method, save the configuration and log out. Check whether you can log in to the user account created by the system administrator (user: stordis, password: route2open).

  • The default credentials for SONiC: admin / YourPaSsWoRd 
  • Make sure both devices are in the same network, and they are pingable. 
  • If you configure AAA incorrectly you must reinstall SONiC.

The purpose of this lab is to practice changing the user authentication method to RADIUS authentication.

 
Step 1: Log in with the default privileges to the switch and check the AAA configuration. 

 

Log in to SW1 and check AAA configuration. 

Log in to SONiC using the default login credentials:

    sonic login: admin
    Password:
    Linux sonic 5.10.0-8-2-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
    You are on
     ____   ___  _   _ _  ____
    / ___| / _ \| \ | (_)/ ___|
    \___ \| | | |  \| | | |
     ___) | |_| | |\  | | |___
    |____/ \___/|_| \_|_|\____|
    Software for Open Networking in the Cloud
    Unauthorized access and/or use are prohibited.
    All access and/or use are subject to monitoring.
    Help:    http://azure.github.io/SONiC/
    admin@sonic:~$ sonic-cli
    sonic# show aaa
    sonic# show radius-server
    --------------------------------
    RADIUS Global Configuration
    --------------------------------
    key configured : No
    sonic#

 
Step 2: Add RADIUS configuration on SW1 switch. 

Add the new configuration:

    admin@sonic:~$ sonic-cli
    sonic# configure terminal
    sonic(config)# radius-server host 10.10.1.200 key Radius2Open
    sonic(config)#
    sonic(config)# end
    sonic(config)# exit
    sonic# show aaa
    sonic# show radius-server
    --------------------------------
    RADIUS Global Configuration
    --------------------------------
    timeout        : 5
    auth-type      : pap
    key configured : No
    --------------------------------------------------------------------------------
    HOST            AUTH-TYPE KEY-CONFIG AUTH-PORT PRIORITY TIMEOUT RTSMT VRF   SI
    --------------------------------------------------------------------------------
    10.10.1.200               Yes        1812

 

Step 3: Set it as the default login option. 

Change the default authentication method to RADIUS, log out, and verify that the user login (stordis / route2open) works.

    admin@sonic:~$ sonic-cli
    sonic# configure terminal
    sonic(config)# aaa authentication login default group radius
    sonic(config)# end
    sonic(config)# exit
    sonic# show aaa
    --------------------------------
    AAA Authentication Information
    --------------------------------
    failthrough  : False
    login-method : radius
    sonic# show radius-server
    --------------------------------
    RADIUS Global Configuration
    --------------------------------
    timeout        : 5
    auth-type      : pap
    key configured : No
    --------------------------------------------------------------------------------
    HOST            AUTH-TYPE KEY-CONFIG AUTH-PORT PRIORITY TIMEOUT RTSMT VRF   SI
    --------------------------------------------------------------------------------
    10.10.1.200               Yes        1812
    sonic# exit
    admin@sonic:~$ sudo config save -y
    admin@sonic:~$ logout

Result: You are logged into Klish in EXEC mode. 

    Debian GNU/Linux 10 sonic ttyS0

    sonic login: stordis
    Password:
    Last login: Fri Apr 14 08:59:37 UTC 2023 on ttyS0
    Linux sonic 4.19.0-9-2-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64
    You are on
      ____   ___  _   _ _  ____
     / ___| / _ \| \ | (_)/ ___|
     \___ \| | | |  \| | | |
      ___) | |_| | |\  | | |___
     |____/ \___/|_| \_|_|\____|

    Software for Open Networking in the Cloud

    Unauthorized access and/or use are prohibited.
    All access and/or use are subject to monitoring.

    Help: http://azure.github.io/SONiC/

    sonic#