Contents
AAA configuration ······················································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 8
Domain-based user management ························································································································ 10
Protocols and standards ······································································································································· 11
RADIUS attributes ·················································································································································· 11
FIPS compliance ····························································································································································· 14
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 31
Configuration prerequisites ·································································································································· 37
Creating an ISP domain ······································································································································· 37
Displaying and maintaining AAA ································································································································ 44
AAA configuration examples ········································································································································ 44
Troubleshooting AAA ···················································································································································· 55
Troubleshooting RADIUS ······································································································································· 55
Troubleshooting HWTACACS ······························································································································ 56
802.1X fundamentals ················································································································································ 57
Architecture of 802.1X ·················································································································································· 57
802.1X-related protocols ·············································································································································· 58
Packet format ························································································································································· 58
EAP over RADIUS ·················································································································································· 60
Initiating 802.1X authentication ··································································································································· 60
802.1X client as the initiator································································································································ 60
Access device as the initiator ······························································································································· 60
802.1X authentication procedures ······························································································································ 61
EAP relay ································································································································································ 62
EAP termination ····················································································································································· 63
802.1X configuration ················································································································································ 65
HP implementation of 802.1X ······································································································································ 65
Access control methods ········································································································································ 65
i