RADIUS packet format ········································································································································ 376
Extended RADIUS attributes ······························································································································· 378
Protocols and standards ····································································································································· 379
Configuring RADIUS servers ······································································································································· 379
RADIUS configuration example ·································································································································· 383
Configuration guidelines ············································································································································· 389
Overview ······································································································································································· 391
Configuring a local user ·············································································································································· 391
Configuring a user group ············································································································································ 393
Configuring PKI ······················································································································································· 395
PKI overview ································································································································································· 395
PKI terms ······························································································································································· 395
PKI architecture ···················································································································································· 395
PKI applications ··················································································································································· 396
How PKI operates ················································································································································ 397
Configuring PKI ···························································································································································· 397
Creating a PKI entity ··········································································································································· 400
Creating a PKI domain ······································································································································· 401
Generating an RSA key pair ······························································································································ 404
Destroying the RSA key pair ······························································································································ 405
Requesting a local certificate ····························································································································· 407
Retrieving and displaying a CRL ························································································································ 408
PKI configuration example ·········································································································································· 410
Configuration guidelines ············································································································································· 414
Configuring authorized IP ······································································································································ 415
Overview ······································································································································································· 415
Configuring authorized IP ··········································································································································· 415
Configuring port isolation ······································································································································· 419
Overview ······································································································································································· 419
Configuring the isolation group ·································································································································· 419
Configuring ACLs ···················································································································································· 422
ACL overview ······························································································································································· 422
ACL categories ···················································································································································· 422
Match order ························································································································································· 422
ACL rule numbering ············································································································································ 423
Configuring a time range ··································································································································· 425
Adding an IPv4 ACL ··········································································································································· 426
ix