Contents
Configuring AAA ························································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
AAA for MPLS L3VPNs ········································································································································· 10
Protocols and standards ······································································································································· 10
RADIUS attributes ·················································································································································· 11
Configuring AAA schemes ············································································································································ 15
Configuring local users ········································································································································· 15
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 31
Configuration prerequisites ·································································································································· 38
Creating an ISP domain ······································································································································· 38
Tearing down user connections ···································································································································· 44
Displaying and maintaining AAA ································································································································ 45
AAA configuration examples ········································································································································ 45
Troubleshooting AAA ···················································································································································· 63
Troubleshooting RADIUS ······································································································································· 63
Troubleshooting HWTACACS ······························································································································ 64
802.1X overview ······················································································································································· 65
802.1X architecture ······················································································································································· 65
802.1X-related protocols ·············································································································································· 66
Packet formats ························································································································································ 67
EAP over RADIUS ·················································································································································· 68
Initiating 802.1X authentication ··································································································································· 68
802.1X client as the initiator································································································································ 68
Access device as the initiator ······························································································································· 69
802.1X authentication procedures ······························································································································ 69
EAP relay ································································································································································ 70
EAP termination ····················································································································································· 73
Configuring 802.1X ·················································································································································· 74
HP implementation of 802.1X ······································································································································ 74
i