Contents
Security overview
Network security threats
Network security services
Network security technologies
Identity authentication
Access security
Data security
Connection control
Attack detection and protection
Other security technologies
Configuring AAA
FIPS compliance
AAA overview
RADIUS
HWTACACS
Domain-based user management
AAA across MPLS L3VPNs
Protocols and standards
RADIUS attributes
Configuring AAA schemes
Configuring local users
Configuring RADIUS schemes
Configuring HWTACACS schemes
Configuration prerequisites
Creating an ISP domain
Tearing down user connections
Displaying and maintaining AAA
AAA configuration examples
Troubleshooting AAA
Troubleshooting RADIUS
Troubleshooting HWTACACS
802.1X overview
802.1X architecture
802.1X-related protocols
Packet formats
EAP over RADIUS