Displaying The Radius Configuration; Controlling Switch Access With Kerberos; Understanding Kerberos - Cisco Catalyst 3560-X Software Configuration Manual

Chapter 1 Configuring Switch-Based Authentication
Configuring RADIUS Server Load Balancing
This feature allows access and authentication requests to be evenly across all RADIUS servers in a server
group. For more information, see the "RADIUS Server Load Balancing" chapter of the Cisco IOS
Security Configuration Guide, Release 12.4.

Displaying the RADIUS Configuration

To display the RADIUS configuration, use the show running-config privileged EXEC command.

Controlling Switch Access with Kerberos

This section describes how to enable and configure the Kerberos security system, which authenticates
requests for network resources by using a trusted third party.
These sections contain this information:
•
•
•
For Kerberos configuration examples, see the "Kerberos Configuration Examples" section in the
"Security Server Protocols" chapter of the Cisco IOS Security Configuration Guide, Release 12.4.
For complete syntax and usage information for the commands used in this section, see the "Kerberos
Commands" section in the "Security Server Protocols" chapter of the Cisco IOS Security Command
Reference, Release 12.4.
In the Kerberos configuration examples and in the Cisco IOS Security Command Reference,
Note
Release 12.4, the trusted third party can be a switch that supports Kerberos, that is configured as a
network security server, and that can authenticate users by using the Kerberos protocol.

Understanding Kerberos

Kerberos is a secret-key network authentication protocol, which was developed at the Massachusetts
Institute of Technology (MIT). It uses the Data Encryption Standard (DES) cryptographic algorithm for
encryption and authentication and authenticates requests for network resources. Kerberos uses the
concept of a trusted third party to perform secure verification of users and services. This trusted third
party is called the key distribution center (KDC).
Kerberos verifies that users are who they claim to be and the network services that they use are what the
services claim to be. To do this, a KDC or trusted Kerberos server issues tickets to users. These tickets,
which have a limited lifespan, are stored in user credential caches. The Kerberos server uses the tickets
instead of usernames and passwords to authenticate users and network services.
A Kerberos server can be a Catalyst 3750-X or 3560-X switch that is configured as a network security
Note
server and that can authenticate users by using the Kerberos protocol.
OL-25303-03
Understanding Kerberos, page 1-39
Kerberos Operation, page 1-41
Configuring Kerberos, page 1-42
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
Controlling Switch Access with Kerberos
1-39