Contents
Security overview
  Network security threats
  Network security services
  Network security technologies
    Identity authentication
    Access security
    Data security
    Firewall and connection control
    Attack detection and protection
    Other security technologies
Configuring AAA
  Overview
    RADIUS
    HWTACACS
    Domain-based user management
    AAA for MPLS L3VPNs
    Protocols and standards
    RADIUS attributes
  Configuring AAA schemes
    Configuring local users
    Configuring RADIUS schemes
    Configuring HWTACACS schemes
    Creating an ISP domain
  Tearing down user connections
  Displaying and maintaining AAA
  AAA configuration examples
  Troubleshooting AAA
    Troubleshooting RADIUS
    Troubleshooting HWTACACS
802.1X overview
  802.1X architecture
  802.1X-related protocols
    Packet formats
    EAP over RADIUS