Table of Contents
1 AAA Overview
  Introduction to AAA
    Authentication
    Authorization
    Accounting
    Introduction to ISP Domain
  Introduction to AAA Services
    Introduction to RADIUS
    Introduction to HWTACACS
2 AAA Configuration
  AAA Configuration Task List
    Configuration Introduction
    Creating an ISP Domain and Configuring Its Attributes
    Configuring an AAA Scheme for an ISP Domain
    Configuring Dynamic VLAN Assignment
    Configuring the Attributes of a Local User
    Cutting Down User Connections Forcibly
  RADIUS Configuration Task List
    Creating a RADIUS Scheme
    Configuring RADIUS Authentication/Authorization Servers
    Configuring RADIUS Accounting Servers
    Configuring Shared Keys for RADIUS Messages
    Configuring the Maximum Number of RADIUS Request Transmission Attempts
    Configuring the Type of RADIUS Servers to be Supported
    Configuring the Status of RADIUS Servers
    Configuring the Attributes of Data to be Sent to RADIUS Servers
    Configuring the Local RADIUS Authentication Server Function
    Configuring Timers for RADIUS Servers
    Enabling Sending Trap Message when a RADIUS Server Goes Down
    Enabling the User Re-Authentication at Restart Function
  HWTACACS Configuration Task List
    Creating a HWTACACS Scheme
    Configuring TACACS Authentication Servers
    Configuring TACACS Authorization Servers
    Configuring TACACS Accounting Servers
    Configuring Shared Keys for HWTACACS Messages
    Configuring the Attributes of Data to be Sent to TACACS Servers
    Configuring the Timers Regarding TACACS Servers
  Displaying and Maintaining AAA
  AAA Configuration Examples
    Remote RADIUS Authentication of Telnet/SSH Users
    Local Authentication of FTP/Telnet Users
    HWTACACS Authentication and Authorization of Telnet Users