Contents
Configuring AAA ························································································································································· 1
Overview ············································································································································································ 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
LDAP ·········································································································································································· 9
AAA for MPLS L3VPNs ········································································································································· 13
Protocols and standards ······································································································································· 14
RADIUS attributes ·················································································································································· 14
FIPS compliance ····························································································································································· 17
Configuring AAA schemes ············································································································································ 18
Configuring local users ········································································································································· 18
Configuring RADIUS schemes ······························································································································ 23
Configuring HWTACACS schemes ····················································································································· 33
Configuring LDAP schemes ·································································································································· 40
Configuration prerequisites ·································································································································· 43
Creating an ISP domain ······································································································································· 43
Displaying and maintaining AAA ································································································································ 50
AAA configuration examples ········································································································································ 51
Troubleshooting RADIUS ··············································································································································· 60
RADIUS authentication failure ······························································································································ 60
RADIUS packet delivery failure ···························································································································· 61
RADIUS accounting error ····································································································································· 61
Troubleshooting HWTACACS ······································································································································ 62
Troubleshooting LDAP ···················································································································································· 62
Overview ········································································································································································· 64
Extended portal functions ····································································································································· 64
Portal system components ····································································································································· 64
Portal authentication modes ································································································································· 66
Portal authentication process ······························································································································· 67
Portal configuration task list ·········································································································································· 69
Configuration prerequisites ··········································································································································· 69
i