EasyManuals Logo

Cisco Catalyst 3750 Software Configuration Guide

Cisco Catalyst 3750
926 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #156 background imageLoading...
Page #156 background image
7-34
Catalyst 3750 Metro Switch Software Configuration Guide
78-15870-01
Chapter 7 Configuring Switch-Based Authentication
Controlling Switch Access with Kerberos
Kerberos Operation
A Kerberos server can be a Catalyst 3750 Metro switch that is configured as a network security server
and that can authenticate remote users by using the Kerberos Protocol. Although you can customize
Kerberos in a number of ways, remote users attempting to access network services must pass through
three layers of security before they can access network services.
To authenticate to network services by using a Catalyst 3750 Metro switch as a Kerberos server, remote
users must follow these steps:
1. Authenticating to a Boundary Switch, page 7-34
2. Obtaining a TGT from a KDC, page 7-35
3. Authenticating to Network Services, page 7-35
Authenticating to a Boundary Switch
This section describes the first layer of security through which a remote user must pass. The user must
first authenticate to the boundary switch. This process then occurs:
1. The user opens an un-Kerberized Telnet connection to the boundary switch.
2. The switch prompts the user for a username and password.
3. The switch requests a TGT from the KDC for this user.
4. The KDC sends an encrypted TGT that includes the user identity to the switch.
5. The switch attempts to decrypt the TGT by using the password that the user entered.
If the decryption is successful, the user is authenticated to the switch.
If the decryption is not successful, the user repeats Step 2 either by re-entering the username
and password (noting if Caps Lock or Num Lock is on or off) or by entering a different username
and password.
A remote user who initiates a un-Kerberized Telnet session and authenticates to a boundary switch is
inside the firewall, but the user must still authenticate directly to the KDC before getting access to the
network services. The user must authenticate to the KDC because the TGT that the KDC issues is stored
on the switch and cannot be used for additional authentication until the user logs on to the switch.
SRVTAB A password that a network service shares with the KDC. In Kerberos 5 or later
Kerberos versions, SRVTAB is referred to as KEYTAB.
TGT Ticket granting ticket that is a credential that the KDC issues to authenticated
users. When users receive a TGT, they can authenticate to network services within
the Kerberos realm represented by the KDC.
Table 7-2 Kerberos Terms (continued)
Term Definition

Table of Contents

Other manuals for Cisco Catalyst 3750

Preview: Command Reference
Command Reference1154 pages
Preview: Getting Started Guide
Getting Started Guide32 pages
Preview: Hardware Installation Guide
Hardware Installation Guide230 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3750 and is the answer not in the manual?

Cisco Catalyst 3750 Specifications

General IconGeneral
Device TypeSwitch
Switching Capacity32 Gbps
Forwarding Rate38.7 Mpps
Stacking Bandwidth32 Gbps
RAM128 MB
Jumbo Frame SupportYes
Switch TypeManaged
ModelCatalyst 3750 Series
Uplink InterfacesSFP
Form FactorRack-mountable
MAC Address Table Size12, 000 entries
Routing ProtocolRIP, OSPF, EIGRP
Remote Management ProtocolSNMP, Telnet, HTTP
FeaturesLayer 3 switching, Layer 2 switching, auto-negotiation, BOOTP support, ARP support, VLAN support, auto-uplink (auto MDI/MDI-X), IGMP snooping, traffic shaping, MAC address filtering, Quality of Service (QoS), Jumbo Frames support, MLD snooping, Dynamic ARP Inspection (DAI), Cisco EnergyWise technology
Power over Ethernet (PoE)PoE
Operating Temperature-5 - 45 °C
Operating Humidity10% to 85% non-condensing

Related product manuals