Contents
AAA configuration ··························································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
Protocols and standards ······································································································································· 11
RADIUS attributes ·················································································································································· 11
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 30
Configuration prerequisites ·································································································································· 36
Creating an ISP domain ······································································································································· 36
Configuring a RADIUS user ·································································································································· 42
Specifying a RADIUS client ·································································································································· 43
Displaying and maintaining AAA ································································································································ 44
AAA configuration examples ········································································································································ 44
Troubleshooting AAA ···················································································································································· 61
Troubleshooting RADIUS ······································································································································ 61
Troubleshooting HWTACACS······························································································································ 62
802.1X fundamentals ···················································································································································· 63
802.1X architecture ······················································································································································· 63
802.1X-related protocols ·············································································································································· 64
Packet format ························································································································································· 64
EAP over RADIUS ·················································································································································· 66
Initiating 802.1X authentication ··································································································································· 66
802.1X client as the initiator ······························································································································· 66
Access device as the initiator ······························································································································· 66
802.1X authentication procedures ······························································································································ 67
EAP relay ································································································································································ 68
EAP termination ····················································································································································· 69
iii