建立两个user,一个为普通级别,一个为15级定义两个login的验证组,其中一个为default,然后另一个命名为console,对于console线路上的进行验证然后建立default授权组,授权exec,并测试看相应的效果。
AAA-SER#c
Building configuration...
Building configuration...
Current configuration : 1582 bytes
!
version 12.4
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname AAA-SER
!
boot-start-marker
boot-end-marker
!
enable password 7 030F
!
aaa new-model
!
!
aaa authentication login default local //登录验证缺省本地
aaa authentication login console line //名为con的验证列表,使用line的密码列表
aaa authorization exec default local //授权缺省列表
!
aaa session-id common
!
resource policy
!
clock timezone China 8
ip subnet-zero
!
!
ip cef
no ip domain lookup
!
!
no ip bootp server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 password 7 045802150C2E //创建15级的用户
username user password 7 01100F175804 //创建普通用户名和密码
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
no fair-queue
!
interface Serial1/1
ip address 202.1.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 10.1.1.11 255.255.255.0
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
alias exec s cop run startup-config
alias exec c sh run
alias exec a sh ip int bri
alias exec r sh ip route
!
line con 0
exec-timeout 0 0
password 7 110A1016141D5A5E57
login authentication console //将验证列表加载到console端口
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
!
version 12.4
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname AAA-SER
!
boot-start-marker
boot-end-marker
!
enable password 7 030F
!
aaa new-model
!
!
aaa authentication login default local //登录验证缺省本地
aaa authentication login console line //名为con的验证列表,使用line的密码列表
aaa authorization exec default local //授权缺省列表
!
aaa session-id common
!
resource policy
!
clock timezone China 8
ip subnet-zero
!
!
ip cef
no ip domain lookup
!
!
no ip bootp server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 password 7 045802150C2E //创建15级的用户
username user password 7 01100F175804 //创建普通用户名和密码
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
no fair-queue
!
interface Serial1/1
ip address 202.1.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 10.1.1.11 255.255.255.0
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
alias exec s cop run startup-config
alias exec c sh run
alias exec a sh ip int bri
alias exec r sh ip route
!
line con 0
exec-timeout 0 0
password 7 110A1016141D5A5E57
login authentication console //将验证列表加载到console端口
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
AAA-SER#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
AAA-SER con0 is now available
Press RETURN to get started.
User Access Verification
Password:
AAA-SER>en //console登陆默认是15级
Password:
AAA-SER#
Password:
AAA-SER#
