RADIUS packet format ········································································································································ 376

Extended RADIUS attributes ······························································································································· 378

Protocols and standards ····································································································································· 379

Recommended RADIUS configuration procedure ····································································································· 379

Configuring RADIUS servers ······································································································································· 379

Configuring RADIUS communication parameters ····································································································· 381

RADIUS configuration example ·································································································································· 383

Configuration guidelines ············································································································································· 389

Configuring users and user groups ························································································································ 391

Overview ······································································································································································· 391

Configuring a local user ·············································································································································· 391

Configuring a user group ············································································································································ 393

Configuring PKI ······················································································································································· 395

PKI overview ································································································································································· 395

PKI terms ······························································································································································· 395

PKI architecture ···················································································································································· 395

PKI applications ··················································································································································· 396

How PKI operates ················································································································································ 397

Recommended configuration procedure for manual request ·········································································· 397

Recommended configuration procedure for automatic request ······································································ 399

Creating a PKI entity ··········································································································································· 400

Creating a PKI domain ······································································································································· 401

Generating an RSA key pair ······························································································································ 404

Destroying the RSA key pair ······························································································································ 405

Retrieving and displaying a certificate ············································································································· 405

Requesting a local certificate ····························································································································· 407

Retrieving and displaying a CRL ························································································································ 408

PKI configuration example ·········································································································································· 410

Configuring authorized IP ······································································································································ 415

Authorized IP configuration example ························································································································· 416

Configuring port isolation ······································································································································· 419

Configuring the isolation group ·································································································································· 419

Port isolation configuration example·························································································································· 420

Configuring ACLs ···················································································································································· 422

ACL overview ······························································································································································· 422

ACL categories ···················································································································································· 422

Match order ························································································································································· 422

ACL rule numbering ············································································································································ 423

Implementing time-based ACL rules ··················································································································· 424

IPv4 fragments filtering with ACLs ····················································································································· 424

Recommend ACL configuration procedures ·············································································································· 424

Configuring a time range ··································································································································· 425

Adding an IPv4 ACL ··········································································································································· 426

Configuring a rule for a basic IPv4 ACL ··········································································································· 427

Configuring a rule for an advanced IPv4 ACL ································································································· 428