Currently Empty: 0.00 €
Module 2 - Lab 3 - User Accounts and Authentication Methods
As a network engineer, you have been given a task to connect a new switch to an existing network. The switch will be used to expand the network and increase its capacity. However, before the switch can be used, it needs to be set up to use RADIUS authentication so that a technician can log in using the credentials they received earlier.
Step 1: Log in with the default privileges to the switch and check the AAA configuration:
There is an existing RADIUS server called that is used for authentication in the network. Log in to the and AAA configuration.
Step 2: Add RADIUS configuration on SW1 switch:
Step 2: Add RADIUS configuration on SW1 switch:
Add the RADIUS configuration on the switch and verify the configuration.
SERVER1 RADIUS:
IP: 10.10.1.200, auth-type (default PAP), auth-port (default 1812), RADIUS key Radius2Open
Step 3: Set it as the default login option:
Set RADIUS authentication as the default log in method, save the configuration and logout. Check if you can log into the user account created by System Administrator (user: stordis, password: route2open)
- The default credentials for SONiC: admin / YourPaSsWoRd
- Make sure both devices are in the same network, and they are pingable.
- If you configure AAA incorrectly you must reinstall SONiC.
The purpose of this lab is to practice changing user authentication method to RADIUS authentication.
Step 1: Log in with the default privileges to the switch and check the AAA configuration.
Log in to SW1 and check AAA configuration.
1. Log in to the SONiC using the default login credentials.
2. sonic login: admin
3. Password:
4. Linux sonic 5.10.0–8–2–amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
5. You are on
6. ____ ___ _ _ _ ____
7. / ___| / _ \| \ | (_)/ ___|
8. \___ \| | | | \| | | |
9. ___) | |_| | |\ | | |___
10. |____/ \___/|_| \_|_|\____|
11. — Software for Open Networking in the Cloud —
12. Unauthorized access and/or use are prohibited.
13. All access and/or use are subject to monitoring.
14. Help: http://azure.github.io/SONiC/
15. admin@sonic:~$ sonic–cli
16. sonic# show aaa
17. sonic# show radius-server
18. ——————————–
19. RADIUS Global Configuration
20. ——————————–
21. key configured : No
22. sonic#
Step 2: Add RADIUS configuration on SW1 switch.
Add new configuration
1. admin@sonic:~$ sonic–cli
2. sonic# configure terminal
3. sonic(config)# radius–server host 10.10.1.200 key Radius2Open
4. sonic(config)#
5. sonic(config)# end
6. sonic(config)# exit
7. sonic# show aaa
8. sonic# show radius-server
9. ——————————–
10. RADIUS Global Configuration
11. ——————————–
12. timeout : 5
13. auth–type : pap
14. key configured : No
15. ——————————————————————————–
16. HOST AUTH–TYPE KEY–CONFIG AUTH–PORT PRIORITY TIMEOUT RTSMT VRF SI
17. ——————————————————————————–
18. 10.10.1.200 – Yes 1812 – – – – –
Step 3: Set it as the default login option.
Change the default authentication method to RADIUS, logout and verify that user login (stordis / route2open) works.
1. admin@sonic:~$ sonic–cli
2. sonic# configure terminal
3. sonic(config)# aaa authentication login default group radius
4. sonic(config)# end
5. sonic(config)# exit
6. sonic# show aaa
7. ——————————–
8. AAA Authentication Information
9. ——————————–
10. failthrough : False
11. login–method : radius
12. sonic# show radius-server
13. ——————————–
14. RADIUS Global Configuration
15. ——————————–
16. timeout : 5
17. auth–type : pap
18. key configured : No
19. ——————————————————————————–
20. HOST AUTH–TYPE KEY–CONFIG AUTH–PORT PRIORITY TIMEOUT RTSMT VRF SI
21. ——————————————————————————–
22. 10.10.1.200 – Yes 1812 – – – – –
23. sonic# exit
23. admin@sonic:~$ sudo config save -y
24. admin@sonic:~$ logout
Result: You are logged into Klish in EXEC mode.
1. Debian GNU/Linux 10 sonic ttyS0
2.
3. sonic login: stordis
4. Password:
5. Last login: Fri Apr 14 08:59:37 UTC 2023 on ttyS0
6. Linux sonic 4.19.0–9–2–amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64
7. You are on
8. ____ ___ _ _ _ ____
9. / ___| / _ \| \ | (_)/ ___|
10. \___ \| | | | \| | | |
11. ___) | |_| | |\ | | |___
12. |____/ \___/|_| \_|_|\____|
13.
14. — Software for Open Networking in the Cloud —
15.
16. Unauthorized access and/or use are prohibited.
17. All access and/or use are subject to monitoring.
18.
19. Help: http://azure.github.io/SONiC/
20.
21. sonic#
