Contents
Configuring AAA ························································································································································· 1
Overview ············································································································································································ 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
AAA for MPLS L3VPNs ········································································································································· 10
Protocols and standards ······································································································································· 10
RADIUS attributes ·················································································································································· 11
FIPS compliance ····························································································································································· 14
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 32
Configuration prerequisites ·································································································································· 39
Creating an ISP domain ······································································································································· 39
Tearing down user connections ···································································································································· 45
Displaying and maintaining AAA ································································································································ 46
AAA configuration examples ········································································································································ 47
Troubleshooting AAA ···················································································································································· 69
Troubleshooting RADIUS ······································································································································· 69
Troubleshooting HWTACACS ······························································································································ 71
802.1X overview ······················································································································································· 72
802.1X architecture ······················································································································································· 72
802.1X-related protocols ·············································································································································· 73
EAP over RADIUS ·················································································································································· 74
Initiating 802.1X authentication ··································································································································· 75
802.1X client as the initiator································································································································ 75
Access device as the initiator ······························································································································· 75
802.1X authentication procedures ······························································································································ 76
EAP relay ································································································································································ 77
EAP termination ····················································································································································· 78
Configuring 802.1X ·················································································································································· 80
HP implementation of 802.1X ······································································································································ 80
i