Contents
Configuring AAA ························································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
Protocols and standards ······································································································································· 11
RADIUS attributes ·················································································································································· 12
FIPS compliance ····························································································································································· 15
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 21
Configuring HWTACACS schemes ····················································································································· 34
Configuration prerequisites ·································································································································· 40
Creating an ISP domain ······································································································································· 41
Tearing down user connections ···································································································································· 47
Configuring a RADIUS user ·································································································································· 48
Specifying a RADIUS client ·································································································································· 49
Displaying and maintaining AAA ································································································································ 49
AAA configuration examples ········································································································································ 50
Troubleshooting AAA ···················································································································································· 76
Troubleshooting RADIUS ······································································································································· 76
Troubleshooting HWTACACS ······························································································································ 77
802.1X overview ······················································································································································· 78
802.1X architecture ······················································································································································· 78
802.1X-related protocols ·············································································································································· 79
Packet formats ························································································································································ 80
EAP over RADIUS ·················································································································································· 81
Initiating 802.1X authentication ··································································································································· 81
i