Contents
Configuring AAA ····························································································· 1
Overview ···························································································································································· 1
RADIUS ······················································································································································ 2
HWTACACS ··············································································································································· 7
LDAP ·························································································································································· 9
AAA for MPLS L3VPNs ···························································································································· 13
Protocols and standards ·························································································································· 13
RADIUS attributes ···································································································································· 14
FIPS compliance ·············································································································································· 17
Configuring AAA schemes ······························································································································· 18
Configuring local users ····························································································································· 18
Configuring RADIUS schemes ················································································································· 23
Configuring LDAP schemes ····················································································································· 39
Configuration prerequisites ······················································································································ 42
Creating an ISP domain ··························································································································· 43
Configuring a NAS-ID profile ···························································································································· 49
Displaying and maintaining AAA ······················································································································ 49
AAA configuration examples ···························································································································· 49
Troubleshooting RADIUS ································································································································· 65
RADIUS authentication failure ················································································································· 65
RADIUS accounting error ························································································································· 66
Troubleshooting HWTACACS ·························································································································· 66
Troubleshooting LDAP ····································································································································· 67
802.1X overview ··························································································· 68
802.1X architecture ·········································································································································· 68
802.1X-related protocols ·································································································································· 69
Packet formats ········································································································································· 69
EAP over RADIUS ··································································································································· 70
802.1X client as the initiator ····················································································································· 71
EAP relay ················································································································································· 73
EAP termination ······································································································································· 74
Configuring 802.1X ······················································································· 76
Access control methods ··································································································································· 76
i