Security Configuration - D-Link DI-1750 Reference Manual

8. Security Configuration

This chapter introduces our company's network security solution. If you want to improve your network
security strategy, this chapter provides an ideal answer. It also describes how to configure
authentication, authorization and accounting (AAA), together with the related TACACS+ and RADIUS
configuration methods, and explains how to use IPSec.
8.1 Configure AAA
8.1.1 AAA Overview
Access control determines which users have access to the router or Network Access Server (NAS) and
limits the service types they can use. This feature provides Authentication, Authorization and
Accounting (AAA) functions to improve network security.
1. AAA Security Service
AAA is a system structure that uses the same configuration method to configure three independent
security functions. It provides a modular way to deliver the following services:
♦ Authentication: Provides a method to identify the user, including the user name and password
inquiry, and encryption in accordance with the selected security protocol.
Authentication is the way to identify users before accepting their requests for access and network
services. You configure AAA authentication by defining a named list of authentication methods and
then applying this list to each port. The list defines the authentication methods to be executed
and their execution order; any defined authentication method must be applied to a specific port
before it is executed. The only exception is the default method list (named "default"). If there
are no other method lists, the default list is automatically applied to all ports. Any method list
that is defined overrides the default. For detailed information on all authentication configuration
methods, please refer to "Authentication Configuration".
♦ Authorization: Provides a method for remote access control, used to limit the user's service
privileges.
AAA authorizes a user through a group of properties for that user, and these properties describe
which privileges have been given to the user. The router compares these properties with the
user-specific information in the database and returns the result to AAA, which determines the
actual privileges of this user. This database is located on the local server or router being
accessed, or on a remote RADIUS or TACACS+ security server. The user is authorized through
attribute-value pairs, which define the privileges that may be granted and relate them to the
user. All authorization methods must be defined through AAA.
As with authentication, you must first define a list of authorization methods and then apply this
list to all ports. For detailed information on AAA authorization configuration, please refer to
"Authorization Configuration".
♦ Accounting: Provides a method for collecting user service information and sending it to the
security server. This information, such as the user identifier, start and end times, executed
commands, and the number of packets and bytes, can be used for billing, auditing and reporting.
Accounting tracks not only the services users access, but also the network resources they consume.
Once the AAA accounting feature is enabled, the network access server reports user activity to the
TACACS+ or RADIUS security server in the form of accounting records. Each accounting record,
including its accounting attribute-value pairs, is stored on the security server. This data can be
used for network management, customer billing or audit analysis. As with authentication and
authorization, you must define a list of accounting methods and apply this list to all ports. For
detailed information on AAA accounting configuration, please refer to "Accounting Configuration".
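The method-list behaviour described under Authentication, as an added Python model that is not taken from the manual or from D-Link's software. It assumes that the next method in a list is tried only when the previous one gives no answer, a common AAA convention that this chapter does not state; the port names, the `console` list and all credentials are constructed.

```python
import hmac
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2
    ERROR = 3  # method could not answer (e.g. security server unreachable)

def make_db_method(users):
    """Build an authentication method backed by a constructed user table."""
    def method(user, password):
        stored = users.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return Result.ACCEPT
        return Result.REJECT
    return method

def unreachable(user, password):
    """Stands in for a RADIUS/TACACS+ server that does not respond."""
    return Result.ERROR

class AAA:
    def __init__(self):
        self.method_lists = {}  # list name -> ordered [(label, method)]
        self.port_lists = {}    # port -> name of the list applied to it

    def define_list(self, name, methods):
        self.method_lists[name] = list(methods)

    def apply_list(self, port, name):
        self.port_lists[port] = name

    def authenticate(self, port, user, password):
        """Return (list used, method that decided, accepted?)."""
        # A port with no list applied uses the list named "default".
        name = self.port_lists.get(port, "default")
        for label, method in self.method_lists.get(name, []):
            result = method(user, password)
            if result is not Result.ERROR:  # a definite answer ends the walk
                return name, label, result is Result.ACCEPT
        return name, None, False            # no method answered: deny

# Constructed sample data (assumption, not from the manual)
radius = make_db_method({"alice": "radius-pw"})
local = make_db_method({"admin": "local-pw"})
aaa = AAA()
aaa.define_list("default", [("radius", radius), ("local", local)])
aaa.define_list("console", [("radius", unreachable), ("local", local)])
aaa.apply_list("console0", "console")  # named list overrides "default" here
```

Under this model a user rejected by the first method is not retried against `local`, so adding a local fallback does not widen who can log in while the security server is reachable.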

This manual is also suitable for: Di-2621, Di-2630, Di-3660
