802.1X configuration examples ··· 266
Configuring AAA ··· 282
Overview ··· 282
AAA application ··· 282
Configuration prerequisites ··· 283
Configuring an ISP domain ··· 284
AAA configuration example ··· 288
Configuring RADIUS ··· 293
Overview ··· 293
Client/server model ··· 293
RADIUS packet format ··· 294
Extended RADIUS attributes ··· 297
Protocols and standards ··· 297
Configuring a RADIUS scheme ··· 298
Adding RADIUS servers ··· 302
RADIUS configuration example ··· 303
Configuration guidelines ··· 307
Configuring HWTACACS ··· 309
Network requirements ··· 314
Verifying the configuration ··· 319
Configuration guidelines ··· 319
Configuring users ··· 321
Configuring a local user ··· 321
Configuring a user group ··· 323
Managing certificates ··· 325
Overview ··· 325
PKI terms ··· 325
PKI architecture ··· 325
How PKI works ··· 326
PKI applications ··· 327
Creating a PKI entity ··· 329
Creating a PKI domain ··· 330
Generating an RSA key pair ··· 333
Destroying the RSA key pair ··· 334
Requesting a local certificate ··· 336