Configuring Local User Authentication

Using a single shared password is not the most secure way to control authentication. Giving each individual a username and password is easier to track. This lab will discuss and demonstrate local user authentication.

Real World Application

Commonly with Cisco devices, multiple users will be accessing and configuring the device, thus requires different user credentials for individuals with different levels of access required to perform different management duties relating to the Cisco device.

This lab will discuss and demonstrate the configurational requirements for setting up local user accounts.

Lab Prerequisites

  • If you are using GNS3 than load the Free CCNA Workbook GNS3 topology and start R1.
  • Establish a console session with Router 1.
  • Configure the Loopback0 interface with a host address of 10.1.1.1

Lab Objectives

  • Configure a user account with the name Tom with a password of Cisco$123 and assign level 15 privileges to this user.
  • Configure a user account with the name Sally with a password of LetMeSee! and assign level 1 privileges to this user.
  • Configure the VTY lines 0 through 4 to authenticate incoming exec sessions with the Local User Database using the login local command under line configuration mode.
  • Verify your configuration by using reverse telnet via the Loopback0 interface.

Lab Instruction

Step 1. As required per the first object, create a user account with the username of tom and password of Cisco$123 and grant this user level 15 privileges.

Router con0 is now available


Press RETURN to get started.


Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#username tom privilege 15 secret Cisco$123

Step 2. – Create a user account with the username of Sally and password of LetMeSee! and grant this user level 1 privileges.

Router(config)#username sally privilege 1 secret LetMeSee!
Read Me

Creating a user account with level 15 privileges will place the user in privileged mode upon a successful authentication therefore this user will not need to provide an enable password. Use caution when assigning level 15 privileges.

Step 3. – Configure the VTY lines 0 through 4 to authenticate incoming exec sessions to the local user database. This is done by executing the login local under line configuration mode.

Router(config)#line vty 0 4
Router(config-line)#login local

Step 4. – Verify your configuration by using reverse telnet via the Loopback0 interface. You should receive a username and password prompt and upon a successful authentication based on the credentials provided you should be granted an exec shell session in user mode if using the username sally or privileged mode if using the username tom as shown below;

Routerconfig-line)#end
Router#telnet 10.1.1.1
Trying 10.1.1.1 ... Open


User Access Verification

Username: tom
Password: 
Router#
◄ Previous Lab
Next Lab ►