Contents
Configuring AAA ····························································································· 1
Overview ···························································································································································· 1
RADIUS ······················································································································································ 2
HWTACACS ··············································································································································· 6
Protocols and standards ·························································································································· 10
RADIUS attributes ···································································································································· 11
FIPS compliance ·············································································································································· 14
Configuring AAA schemes ······························································································································· 15
Configuring local users ····························································································································· 15
Configuring RADIUS schemes ················································································································· 18
Configuration prerequisites ······················································································································ 33
Creating an ISP domain ··························································································································· 33
Setting the ISP domain status ·················································································································· 34
Displaying and maintaining AAA ······················································································································ 37
AAA configuration examples ···························································································································· 38
Troubleshooting RADIUS ································································································································· 44
RADIUS authentication failure ················································································································· 44
RADIUS accounting error ························································································································· 45
Troubleshooting HWTACACS ·························································································································· 45
Overview ·························································································································································· 46
Password setting ······································································································································ 46
User login control ····································································································································· 48
Logging ···················································································································································· 48
FIPS compliance ·············································································································································· 49
Enabling password control ······························································································································· 49
Network requirements ······························································································································ 53
Configuration procedure ··························································································································· 54
Verifying the configuration ························································································································ 55
Managing public keys ··················································································· 57
Overview ·························································································································································· 57
FIPS compliance ·············································································································································· 57
Creating a local key pair ·································································································································· 57
i