road2ccie727

Lab 5 Question 6.1 - CSL Solution mistakes...


Hi All!

 

Referring to CSL solution "CCIE Security v4 Lab 5 Solution - 3rd Release - 01-11-2014" from bysync.. I see some major errors in the solution for question 6.1 -

 

1. Default authentication rule should allow ONLY PAP as per task requirement

- CSL solution uses Default Network Access here!!

>>>>> I think correct configuration should be to create a new "Service List" under Policy > Results > Authentication > Allowed Protocols > +ADD and allow only PAP in there. Then, we need to choose this "Allowed Protocol Service list" in the Default Authentication Policy for "SW1Admin" Identity Source.. does that seem right?

 

2. Errors in Authorization Policy Rule -

- In the Authorization Policy Rule named Admin, somehow they are setting SW1Admin as the Identity Group, which is not possible as no Identity group named SW1Admin was created

>>>>> correct configuration would be to use AdminUser Identity Group here.

- there is NO configuration in all the steps that selects TELNET traffic in the authorization policy. This is a REQUIREMENT in the task.

>>>>> correct configuration is to create a SIMPLE condition called Admin_Condition & configure "RADIUS:NAS-Port-type Equals Virtual" in there. Then we use this "Admin_Condition" in the Authorization Policy rule

- there is NO configuration that matches the actual SW1Admin user

>>>>> correct config would be to add an Expression - "InternalUser:Name" Equals "SW1Admin" under Conditions in AND logic with the Admin_condition

 

 

Does anyone else see the same problems?
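
The rule logic proposed in the post, as an added example that is not part of the original post or of the CSL solution: a simplified Python model (not Cisco ISE's policy engine) evaluated against constructed RADIUS requests. The service-list name `PAP_Only`, the extra users, and the assumption that Telnet sessions report NAS-Port-Type Virtual while console logins report Async are illustrative; password checking is left out.

```python
# Simplified model of the policy proposed in the post; not Cisco ISE code.
# RFC 2865 NAS-Port-Type values; vty (Telnet) sessions are assumed to report Virtual.
NAS_PORT_TYPE = {0: "Async", 5: "Virtual"}

# Hypothetical "Allowed Protocols" service list that permits PAP only.
ALLOWED_PROTOCOLS = {"PAP_Only": {"PAP"}}

# Constructed internal user store: user name -> identity group.
INTERNAL_USERS = {"SW1Admin": "AdminUser", "OtherAdmin": "AdminUser", "guest1": "Guest"}


def authenticate(req, service_list="PAP_Only"):
    """Authentication policy: protocol must be in the allowed list, user must exist."""
    return (req["protocol"] in ALLOWED_PROTOCOLS[service_list]
            and req["user"] in INTERNAL_USERS)


def admin_rule(req):
    """Authorization rule 'Admin': all three conditions are ANDed together."""
    in_group = INTERNAL_USERS.get(req["user"]) == "AdminUser"          # Identity Group
    is_vty = NAS_PORT_TYPE.get(req["nas_port_type"]) == "Virtual"      # Admin_Condition
    is_sw1admin = req["user"] == "SW1Admin"                            # InternalUser:Name
    return in_group and is_vty and is_sw1admin


def evaluate(req):
    """Return which stage decides the request."""
    if not authenticate(req):
        return "rejected at authentication"
    if admin_rule(req):
        return "matches Admin rule"
    return "no match, falls to default rule"


# Constructed sample requests, one per condition the post calls out.
SAMPLES = [
    {"user": "SW1Admin", "protocol": "PAP", "nas_port_type": 5},    # intended case
    {"user": "SW1Admin", "protocol": "CHAP", "nas_port_type": 5},   # non-PAP protocol
    {"user": "SW1Admin", "protocol": "PAP", "nas_port_type": 0},    # console, not vty
    {"user": "OtherAdmin", "protocol": "PAP", "nas_port_type": 5},  # same group, other user
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", evaluate(sample))
```
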
