Contents
Security overview ... 1
    Network security threats ... 1
    Network security services ... 1
    Network security technologies ... 1
        Identity authentication ... 1
        Access security ... 2
        Data security ... 2
        Firewall and connection control ... 3
        Attack detection and protection ... 4
        Other security technologies ... 4
Configuring AAA ... 6
    Overview ... 6
        RADIUS ... 7
        HWTACACS ... 11
        Domain-based user management ... 14
        RADIUS server feature of the router ... 15
        AAA for MPLS L3VPNs ... 16
        Protocols and standards ... 17
        RADIUS attributes ... 17
    FIPS compliance ... 20
    AAA configuration considerations and task list ... 20
    Configuring AAA schemes ... 22
        Configuring local users ... 22
        Configuring RADIUS schemes ... 26
        Configuring HWTACACS schemes ... 37
    Configuring AAA methods for ISP domains ... 43
        Creating an ISP domain ... 43
        Configuring ISP domain attributes ... 44
        Configuring authentication methods for an ISP domain ... 45
        Configuring authorization methods for an ISP domain ... 48
        Configuring accounting methods for an ISP domain ... 50
    Tearing down user connections ... 52
    Configuring a NAS ID-VLAN binding ... 53
    Configuring the router as a RADIUS server ... 53
        RADIUS server functions configuration task list ... 53
        Configuring a RADIUS user ... 54
        Specifying a RADIUS client ... 54
    Displaying and maintaining AAA ... 55
    AAA configuration examples ... 55
        Authentication/authorization for Telnet/SSH users by a RADIUS server ... 55
        Local authentication/authorization for Telnet/FTP users ... 61
        AAA for PPP users by an HWTACACS server ... 62
        Level switching authentication for Telnet users by a RADIUS server ... 63
        AAA for portal users by a RADIUS server ... 67
        RADIUS authentication and authorization for Telnet users by a network device ... 74
    Troubleshooting AAA ... 75
        Troubleshooting RADIUS ... 75
        Troubleshooting HWTACACS ... 77
802.1X overview ... 78
    802.1X architecture ... 78
    Controlled/uncontrolled port and port authorization status ... 78
    802.1X-related protocols ... 79
        Packet formats ... 79
        EAP over RADIUS ... 80
    Initiating 802.1X authentication ... 81