Lab 3-2 – Configuring Local User Database Authentication

In this lab you will learn how to configure a Cisco Router and/or Switch to authenticate exec sessions to a local user account database.

Real World Application

Cisco devices are commonly accessed and configured by multiple users, which requires separate user credentials for individuals who need different levels of access to perform their management duties on the device.


Lab Prerequisites

  • If you are using GNS3, then load the Stub Area Networking GNS3 topology and start R1.
  • Establish a console session with Router 1.
  • Configure the Loopback0 interface with a host address of 10.1.1.1

Lab Objectives

  • Configure a user account with the name Tom with a password of Cisco$123 and assign level 15 privileges to this user.
  • Configure a user account with the name Sally with a password of LetMeSee! and assign level 1 privileges to this user.
  • Configure the VTY lines 0 through 4 to authenticate incoming exec sessions with the Local User Database using the login local command under line configuration mode.
  • Verify your configuration by using reverse telnet via the Loopback0 interface.

Lab Instruction

Step 1. – As required by the first objective, create a user account with the username of tom and password of Cisco$123 and grant this user level 15 privileges.

Router con0 is now available

Press RETURN to get started.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#username tom privilege 15 secret Cisco$123

Step 2. – Create a user account with the username of Sally and password of LetMeSee! and grant this user level 1 privileges.

Router(config)#username sally privilege 1 secret LetMeSee!

Read Me

Creating a user account with level 15 privileges places the user in privileged mode upon successful authentication, so this user will not need to provide an enable password. Use caution when assigning level 15 privileges.

Step 3. – Configure the VTY lines 0 through 4 to authenticate incoming exec sessions to the local user database. This is done by executing the login local command under line configuration mode.

Router(config)#line vty 0 4
Router(config-line)#login local


Step 4. – Verify your configuration by using reverse telnet via the Loopback0 interface. You should receive a username and password prompt. Upon successful authentication with the credentials provided, you should be granted an exec shell session in user mode if using the username sally, or in privileged mode if using the username tom, as shown below:

Router(config-line)#end
Router#telnet 10.1.1.1
Trying 10.1.1.1 ... Open

User Access Verification

Username: tom
Password:
Router#
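
To review the result of this lab offline, the following added example (not part of the original lab or of any Cisco tooling) parses a saved running-config excerpt and reports level 15 accounts, accounts created with password rather than secret, and VTY blocks that lack login local. The sample config, the legacy user, the placeholder hash strings and the function names are constructed for illustration.

```python
import re
# Constructed running-config excerpt for illustration; hash values are placeholders.
SAMPLE_CONFIG = """\
username tom privilege 15 secret 5 $1$PLACEHOLDER$notarealhash
username sally secret 5 $1$PLACEHOLDER$notarealhash
username legacy privilege 15 password 7 PLACEHOLDER
line vty 0 4
 login local
line vty 5 15
 login
!
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (secret|password)\b")

def parse_users(config):
    """Map username -> (level, keyword); level is 1 when 'privilege' is absent."""
    users = {}
    for line in config.splitlines():
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = (int(m.group(2) or 1), m.group(3))
    return users

def parse_vty_login(config):
    """Map each 'line vty ...' block to its login line (None if it has none)."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = line.strip()
            blocks[current] = None
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the block
        elif current and line.split()[:1] == ["login"]:
            blocks[current] = line.strip()
    return blocks

def audit(config):
    """Flag level-15 users, 'password' users and vty blocks without 'login local'."""
    findings = []
    for name, (level, keyword) in sorted(parse_users(config).items()):
        if level == 15:
            findings.append(f"{name}: level 15, enters privileged mode at login")
        if keyword == "password":
            findings.append(f"{name}: 'password' used instead of 'secret'")
    for block, login in sorted(parse_vty_login(config).items()):
        if login != "login local":
            findings.append(f"{block}: not using 'login local'")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per line; for the configuration built in this lab alone, only the level 15 entry for tom would be reported.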

9 comments so far

  1. To Ciscoguy:
    Privilege 1 means you can’t enter configuration mode directly; you must give the privilege password, but if you give Privilege 15 you can enter configuration mode directly through telnet...

  2. When I type username tom privilege 15 secret Cisco$123, I get a message that reads invalid input detected at “^” marker on s. I checked the spelling and I spelled secret correctly. What do you recommend I should do?