Contents
Configuring AAA ························································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
Protocols and standards ······································································································································· 11
RADIUS attributes ·················································································································································· 11
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 31
Configuration prerequisites ·································································································································· 36
Creating an ISP domain ······································································································································· 36
Tearing down user connections ···································································································································· 42
Configuring a RADIUS user ·································································································································· 43
Specifying a RADIUS client ·································································································································· 44
Displaying and maintaining AAA ································································································································ 44
AAA configuration examples ········································································································································ 44
Troubleshooting AAA ···················································································································································· 61
Troubleshooting RADIUS ······································································································································ 61
Troubleshooting HWTACACS······························································································································ 62
802.1X fundamentals ················································································································································ 63
802.1X architecture ······················································································································································· 63
802.1X-related protocols ·············································································································································· 64
Packet formats ························································································································································ 64
EAP over RADIUS ·················································································································································· 65
Initiating 802.1X authentication ··································································································································· 66
802.1X client as the initiator ······························································································································· 66
Access device as the initiator ······························································································································· 66
802.1X authentication procedures ······························································································································ 66
EAP relay ································································································································································ 67
EAP termination ····················································································································································· 70
iii