iii
Contents
AAA configuration ··························································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
RADIUS server feature of the device ··················································································································· 10
Protocols and standards ······································································································································· 11
RADIUS attributes ·················································································································································· 11
AAA configuration considerations and task list ·········································································································· 14
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 30
Configuring AAA methods for ISP domains ················································································································ 36
Configuration prerequisites ·································································································································· 36
Creating an ISP domain ······································································································································· 36
Configuring ISP domain attributes ······················································································································· 36
Configuring AAA authentication methods for an ISP domain ·········································································· 37
Configuring AAA authorization methods for an ISP domain ··········································································· 39
Configuring AAA accounting methods for an ISP domain ··············································································· 40
Tearing down user connections forcibly ······················································································································ 42
Configuring a network device as a RADIUS server ··································································································· 42
RADIUS server functions configuration task list ·································································································· 42
Configuring a RADIUS user ·································································································································· 42
Specifying a RADIUS client ·································································································································· 43
Displaying and maintaining AAA ································································································································ 44
AAA configuration examples ········································································································································ 44
AAA for Telnet users by an HWTACACS server ······························································································· 44
AAA for Telnet users by separate servers ··········································································································· 45
Authentication/Authorization for SSH/Telnet users by a RADIUS server ······················································· 47
AAA for 802.1X users by a RADIUS server ······································································································· 50
Level switching authentication for Telnet users by an HWTACACS server ····················································· 56
RADIUS authentication and authorization for Telnet users by a network device ··········································· 59
Troubleshooting AAA ···················································································································································· 61
Troubleshooting RADIUS ······································································································································ 61
Troubleshooting HWTACACS······························································································································ 62
802.1X fundamentals ···················································································································································· 63
802.1X architecture ······················································································································································· 63
Controlled/uncontrolled port and pot authorization status ······················································································· 63
802.1X-related protocols ·············································································································································· 64
Packet format ························································································································································· 64
EAP over RADIUS ·················································································································································· 66
Initiating 802.1X authentication ··································································································································· 66
802.1X client as the initiator ······························································································································· 66
Access device as the initiator ······························································································································· 66
802.1X authentication procedures ······························································································································ 67
A comparison of EAP relay and EAP termination ······························································································ 67
EAP relay ································································································································································ 68
EAP termination ····················································································································································· 69
To Next Page
Loading...
Need help?
General