Radius-Server Domain-Stripping Enhancements
Size: px
Start display at page:

Download "Radius-Server Domain-Stripping Enhancements"

Transcription

1 Radius-Server Domain-Stripping Enhancements Feature History Release 12.2(15)B Modification This feature was introduced on the Cisco 7200 series and Cisco 7400 ASR. This document describes the Radius-Server Domain-Stripping Enhancements feature in Cisco IOS Release 12.2(15)B. It includes the following sections: Feature Overview, page 1 Supported Platforms, page 2 Supported Standards, MIBs, and RFCs, page 2 Configuration Tasks, page 3 Configuration Examples, page 4 Command Reference, page 5 Feature Overview The Radius-Server Domain-Stripping Enhancements feature introduces two new configuration options to the radius-server domain-stripping command the right-to-left and delimiter options. Before this feature, whenever the radius-server domain-stripping command was enabled, the authentication, authorization, and accounting (AAA) username format user@company.com could be sent to remote RADIUS servers only in the reformatted username user. (That is, the reformatted username was formed from the original string but terminated at the character going from left to right.) This functionality limited the choice of usernames if there were more than character within the string. It also limited the domain delimiter to character because any other possible characters (such as the % character) could not be used. The right-to-left and delimiter options address these limitations in the following ways: The right-to-left option parses the username in the reverse direction (from right to left) so that the username user@company.com can also be sent in AAA requests. The delimiter option configures a combination of characters (@, $,%, /, -, and \) to be the set if domain delimiter characters. Any of domain delimiters in the configured subset can be recognized, but whichever character comes first when searching the original username string is recognized first. 1

2 Supported Platforms Radius-Server Domain-Stripping Enhancements Benefits This feature introduces support for the following two variations of a AAA username: The right-to-left option, which configures a username with multiple domain delimiters The delimiter option, which configures a username with domain delimiters other than character. Related Documents For information on additional RADIUS commands and RADIUS configurations tasks, refer to the following documents: The chapter Configuring RADIUS in the Cisco IOS Security Configuration Guide, Release 12.2 The chapter RADIUS Commands in the Cisco IOS Security Command Reference, Release 12.2 For information on enabling VRF-aware domain-stripping, refer to the following document: Per VRF AAA, Cisco IOS feature module Release 12.2(4)B Supported Platforms Cisco 7200 series Cisco 7400 series Availability of Cisco IOS Software Images Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator. Supported Standards, MIBs, and RFCs Standards None MIBs None To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: 2

3 Radius-Server Domain-Stripping Enhancements Configuration Tasks If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL: To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank to cco-locksmith@cisco.com. An automatic check will verify that your address is registered with Cisco.com. If the check is successful, account details with a new random password will be ed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL: RFCs None Configuration Tasks See the following sections for configuration tasks for the Radius-Server Domain-Stripping Enhancements feature. Each task in the list is identified as either required or optional. Configuring Right-to-Left Support (required) Configuring Delimiter Support (required) Verifying Right-to-Left and Delimiter Configurations (optional) Configuring Right-to-Left Support To enable the right-to-left option to support a username with multiple domain delimiters, use the following command in global configuration mode: Command Router (config)# radius-server domain-stripping [right-to-left] [vrf vrf-name] Purpose Enables domain-stripping. right-to-left Parses the username in reverse direction (from right to left). vrf vrf-name Specifies the per-vrf configuration. This option works for VRF users and non-vrf users. This option works independently from the delimiter option. 3

4 Configuration Examples Radius-Server Domain-Stripping Enhancements Configuring Delimiter Support To enable the delimiter option to support a username with domain delimiters other than character, use the following command in global configuration mode: Command Router (config)# radius-server domain-stripping [right-to-left] [vrf vrf-name] Purpose Enables domain-stripping. delimiter string1[string2... string7] Configures a character or combination of characters to be the domain delimiter character set. Available character options #, $,%, /, -, and \. vrf vrf-name Specifies the per-vrf configuration. This option works for VRF users and non-vrf users. This option works independently from the right-to-left option. Verifying Right-to-Left and Delimiter Configurations To verify feature functionality, use the following command in EXEC mode: Command Router# debug radius Purpose Checks whether the reformatted username attribute is sent to the RADIUS server in authentication and accounting requests. Configuration Examples This section provides the following configuration examples: Right-to-Left Configuration Example Delimiter Character Set Example Right-to-Left Configuration Example The following example shows a configuration that strips the domain name from the VRF abc and strips the domain name from right to left for the non-vrf and VRF def. In this example, VRF abc has the original username user1@abc.com.@isp.net, and the reformatted version user1 will be used in requests that are sent to RADIUS servers. The non-vrf has the username user2@isp.com@isp.net, and the reformatted version user2@isp.com will be used. VRF def has the original format user3@def.com@isp.net, and the reformatted version user3@def.com will be used. radius-server domain-stripping vrf abc radius-server domain-stripping right-to-left radius-server domain-stripping right-to-left vrf def 4

5 Radius-Server Domain-Stripping Enhancements Command Reference Delimiter Character Set Example The following example shows a configuration that strips the domain name from the VRF abc, strips the domain name from VRF def at the % string, and strips the domain name from the VRF ghi from right to left at the delimiter character $, /: radius-server domain-stripping vrf abc radius-server domain-stripping delimiter % vrf def radius-server domain-stripping right-to-left vrf ghi After the domain stripping is complete, the corresponding usernames are sent to the RADIUS server as described in Table 1. Table 1 radius-server domain-stripping Reformatted Username Examples Original Username user1@abc.com@isp.net%mfxxx user1@def.com@isp.net%mfxxx user1@ghi.com@isp.net%mfxxx Reformatted Username user1 user1@def.com@isp.net user1@ghi.com Command Reference This section documents a new command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications. radius-server domain-stripping 5

6 radius-server domain-stripping Radius-Server Domain-Stripping Enhancements radius-server domain-stripping To enable domain stripping, use the radius-server domain-stripping command in global configuration mode. To remove this command from your configuration, use the no form of this command. radius-server domain-stripping [right-to-left] [delimiter string1, [string2... string7]] [vrf vrf-name] no radius-server domain-stripping [right-to-left] [delimiter string1, [string2... string7]] [vrf vrf-name] Syntax Description right-to-left delimiter string1, [string2... string7] vrf vrf-name (Optional) Parses the username in reverse direction (from right to left). (Optional) Configures a character or combination of characters to be the domain delimiter character set. Available character options #, $,%, /, -, and \. Do not put the \ string as the final character unless it is the only character string being used. (Optional) Specifies the per-vrf configuration. Defaults RADIUS server domain-stripping is not configured. The username is parsed from left to right. The default delimiter string Command Modes Global configuration Command History Release 12.2(2)DD 12.2(4)B 12.2(15)B Modification This command was introduced. This command was integrated into Cisco IOS Release 12.2(4)B. The right-to-left and delimiter string1, [string2... string7] options were added. Usage Guidelines Use the radius-server domain-stripping command to strip or truncate the domain from a username. For example, if the username is user1@cisco.com and the radius-server domain-stripping command is configured, only user1 is sent out as the username. When the right-to-left keyword is configured, the username is parsed in the reverse direction. For example, if this keyword is not enabled, user is the only available username for user@company.com@isp.net. However, if this keyword is enabled, the username user@company.com. can also be sent in authentication, authorization, and accounting (AAA) requests. When the delimiter string1, [string2... string7] option is configured, a character set of domain delimiters is configured in the username. Any of domain delimiters in the configured subset can be recognized, but whichever character comes first when searching the original username string is recognized first. 6

7 Radius-Server Domain-Stripping Enhancements radius-server domain-stripping The right-to-left and delimiter keywords work for VRF and non-vrf users. Also, each keyword works independently of each other. When the vrf vrf-name option is configured, domain stripping applies only to the specified VRF. Examples The following example shows a configuration that strips the domain name from the VRF abc and strips the domain name from right to left for the non-vrf and VRF def. In this example, VRF abc has the original username user1@abc.com.@isp.net, and the reformatted version user1 will be used in requests that are sent to RADIUS servers. The non-vrf has the username user2@isp.com@isp.net, and the reformatted version user2@isp.com will be used. VRF def has the original format user3@def.com@isp.net, and the reformatted version user3@def.com will be used. radius-server domain-stripping vrf abc radius-server domain-stripping right-to-left radius-server domain-stripping right-to-left vrf def The following example shows a configuration that strips the domain name from the VRF abc, strips the domain name from VRF def at the % string, and strips the domain name from the VRF ghi from right to left at the delimiter character $, /: radius-server domain-stripping vrf abc radius-server domain-stripping delimiter % vrf def radius-server domain-stripping right-to-left vrf ghi After the domain stripping is complete, the corresponding usernames are sent to the RADIUS server as follows: Original Username user1@abc.com@isp.net%mfxxx user1@def.com@isp.net%mfxxx user1@ghi.com@isp.net%mfxxx Reformatted Username user1 user1@def.com@isp.net user1@ghi.com 7

8 radius-server domain-stripping Radius-Server Domain-Stripping Enhancements 8

Similar documents

VLAN Range. Feature Overview

VLAN Range. Feature Overview VLAN Range Feature History Release 12.0(7)XE 12.1(5)T 12.2(2)DD 12.2(4)B 12.2(8)T 12.2(13)T Modification The interface range command was introduced. The interface range command was integrated into Cisco

More information

VLAN Range. Feature Overview

VLAN Range. Feature Overview VLAN Range Feature History Release 12.0(7)XE 12.1(5)T 12.2(2)DD Modification The interface range command was introduced. The interface range command was integrated into Cisco IOS Release 12.1(5)T. The

More information

Signaling IS-IS When dcef Is Disabled

Signaling IS-IS When dcef Is Disabled Signaling IS-IS When dcef Is Disabled Feature History Release 12.0(10)S 12.0(10)ST Modification This feature was introduced. This command was integrated into T. This feature module describes the Signaling

More information

Pre-Fragmentation for IPSec VPNs

Pre-Fragmentation for IPSec VPNs Pre-Fragmentation for IPSec VPNs Feature History Release 12.1(11b)E 12.2(13)T 12.2(14)S Modification This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(13)T. This feature

More information

RADIUS Route Download

RADIUS Route Download The feature allows users to configure their network access server (NAS) to direct RADIUS authorization. Finding Feature Information, page 1 Prerequisites for, page 1 Information About, page 1 How to Configure,

More information

RPR+ on Cisco 7500 Series Routers

RPR+ on Cisco 7500 Series Routers RPR+ on Cisco 7500 Series Routers Feature History 12.0(19)ST1 12.0(22)S 12.2(14)S This feature was introduced. This feature was integrated into Cisco IOS Release 12.0(22)S. This feature was integrated

More information

Restrictions for Secure Copy Performance Improvement

Restrictions for Secure Copy Performance Improvement The Protocol (SCP) feature provides a secure and authenticated method for copying router configuration or router image files. SCP relies on Secure Shell (SSH), an application and a protocol that provide

More information

Universal Port Resource Pooling for Voice and Data Services

Universal Port Resource Pooling for Voice and Data Services Universal Port Resource Pooling for Voice and Data Services Feature History Release 12.2(2)XA 12.2(2)XB1 12.2(11)T Description This feature was introduced on the Cisco AS5350 and AS5400. This feature was

More information

Configuring Local Authentication and Authorization

Configuring Local Authentication and Authorization Configuring Local Authentication and Authorization Finding Feature Information, page 1 How to Configure Local Authentication and Authorization, page 1 Monitoring Local Authentication and Authorization,

More information

MPLS VPN ID. Feature Overview. This feature was introduced. Support for this feature was integrated into Cisco IOS Release 12.2(4)B.

MPLS VPN ID. Feature Overview. This feature was introduced. Support for this feature was integrated into Cisco IOS Release 12.2(4)B. MPLS VPN ID Feature History Release 12.0(17)ST 12.2(4)B Modification This feature was introduced. Support for this feature was integrated into. This document describes the MPLS VPN ID feature in and includes

More information

Encrypted Vendor-Specific Attributes

Encrypted Vendor-Specific Attributes The feature provides users with a way to centrally manage filters at a RADIUS server and supports the following types of string vendor-specific attributes (VSAs): Tagged String VSA, on page 2 (similar

More information

This feature was introduced.

This feature was introduced. Feature History Release 12.2(11)T Modification This feature was introduced. This document describes the QSIG for TCL IVR (Tool Language Interactive Voice Response) 2.0 feature in and includes the following

More information

AAA Authorization and Authentication Cache

AAA Authorization and Authentication Cache AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication

More information

DHCP Server Port-Based Address Allocation

DHCP Server Port-Based Address Allocation The feature provides port-based address allocation support on the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server for the Ethernet platform. The DHCP server provides address assignment support

More information

RADIUS Logical Line ID

RADIUS Logical Line ID RADIUS Logical Line ID Feature History for RADIUS Logical Line ID Release Modification 12.2(13)T This feature was introduced. 12.2(15)B This feature was integrated into Cisco IOS Release 12.2(15)B. 12.2(27)SBA

More information

IEEE 802.1X Multiple Authentication

IEEE 802.1X Multiple Authentication The feature provides a means of authenticating multiple hosts on a single port. With both 802.1X and non-802.1x devices, multiple hosts can be authenticated using different methods. Each host is individually

More information

HTTP 1.1 Web Server and Client

HTTP 1.1 Web Server and Client The feature provides a consistent interface for users and applications by implementing support for HTTP 1.1 in Cisco IOS XE software-based devices. When combined with the HTTPS feature, the feature provides

More information

AAA Dead-Server Detection

AAA Dead-Server Detection The feature allows you to configure the criteria to be used to mark a RADIUS server as dead. If no criteria are explicitly configured, the criteria are computed dynamically on the basis of the number of

More information

Encrypted Vendor-Specific Attributes

Encrypted Vendor-Specific Attributes Encrypted Vendor-Specific Attributes Last Updated: January 15, 2012 The Encrypted Vendor-Specific Attributes feature provides users with a way to centrally manage filters at a RADIUS server and supports

More information

FPG Endpoint Agnostic Port Allocation

FPG Endpoint Agnostic Port Allocation When the Endpoint Agnostic Port Allocation feature is configured, an entry is added to the Symmetric Port Database. If the entry is already available, the port listed in the Symmetric Port Database is

More information

DHCP Relay MPLS VPN Support

DHCP Relay MPLS VPN Support DHCP Relay MPLS VPN Support Feature History Release 12.2(4)B 12.2(8)T 12.2(13)T 12.2(27)SBA Modification This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(8)T The feature

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring Secure Shell, on page 2 Information About Configuring Secure Shell, on page 2 How

More information

MPLS Traffic Engineering (TE) Configurable Path Calculation Metric for Tunnels

MPLS Traffic Engineering (TE) Configurable Path Calculation Metric for Tunnels MPLS Traffic Engineering (TE) Configurable Path Calculation Metric for Tunnels Feature History Release 12.0(18)ST 12.2(11)S 12.0(22)S Modification This feature was introduced. This feature was integrated

More information

You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource

You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource The feature enables the configuration of a Virtual Private Network (VPN) routing and forwarding instance (VRF) table so that the domain name system (DNS) can forward queries to name servers using the VRF

More information

The MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to

The MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to The feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between

More information

Implementing Secure Shell

Implementing Secure Shell Implementing Secure Shell Secure Shell (SSH) is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures sessions using standard cryptographic mechanisms,

More information

PPPoE Client DDR Idle Timer

PPPoE Client DDR Idle Timer The feature supports the dial-on-demand routing (DDR) interesting traffic control list functionality of the dialer interface with a PPP over Ethernet (PPPoE) client, but also keeps original functionality

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Starting with Cisco IOS XE Denali 16.3.1, Secure Shell Version 1 (SSHv1) is deprecated. Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring

More information

Configuring Embedded Resource Manager-MIB

Configuring Embedded Resource Manager-MIB The Embedded Resource Manager (ERM)-MIB feature introduces MIB support for the ERM feature. The ERM feature tracks resource usage information for every registered resource owner and resource user. The

More information

DHCP Server Port-Based Address Allocation

DHCP Server Port-Based Address Allocation DHCP Server Port-Based Address Allocation Finding Feature Information DHCP Server Port-Based Address Allocation Last Updated: July 04, 2011 First Published: June 4, 2010 Last Updated: Sept 9, 2010 The

More information

NetFlow Multiple Export Destinations

NetFlow Multiple Export Destinations Feature History Release 12.0(19)S 12.0(19)ST 12.2(2)T 12.2(14)S Modification This feature was introduced on the Cisco 12000 Internet router. This feature was integrated into Cisco IOS Release 12.0(19)ST.

More information

WCCPv2 and WCCP Enhancements

WCCPv2 and WCCP Enhancements WCCPv2 and WCCP Enhancements Release 12.0(11)S June 20, 2000 This feature module describes the Web Cache Communication Protocol (WCCP) Enhancements feature and includes information on the benefits of the

More information

Match-in-VRF Support for NAT

Match-in-VRF Support for NAT The feature supports Network Address Translation (NAT) of packets that communicate between two hosts within the same VPN routing and forwarding (VRF) instance. In intra-vpn NAT, both the local and global

More information

Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon Intelligent Services Gateway (ISG) is a Cisco software feature set that provides a structured framework in which

More information

1-Port DSU/CSU T1 WIC for the Cisco 1700, Cisco 2600, Cisco 3600, and Cisco 3700 Series Routers

1-Port DSU/CSU T1 WIC for the Cisco 1700, Cisco 2600, Cisco 3600, and Cisco 3700 Series Routers 1-Port DSU/CSU T1 WIC for the Cisco 1700, Cisco 2600, Cisco 3600, and Cisco 3700 Series Routers Feature History Release Modification 11.2 This feature was introduced on the Cisco 1600 series and Cisco

More information

IPsec Dead Peer Detection Periodic Message Option

IPsec Dead Peer Detection Periodic Message Option IPsec Dead Peer Detection Periodic Message The IPsec Dead Peer Detection Periodic Message feature is used to configure the router to query the liveliness of its Internet Key Exchange (IKE) peer at regular

More information

DMVPN Event Tracing. Finding Feature Information

DMVPN Event Tracing. Finding Feature Information The feature provides a trace facility for troubleshooting Cisco IOS Dynamic Multipoint VPN (DMVPN). This feature enables you to monitor DMVPN events, errors, and exceptions. During runtime, the event trace

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 3 How to Configure SSH, page 5 Monitoring

More information

OSPFv2 Local RIB. Finding Feature Information

OSPFv2 Local RIB. Finding Feature Information With the feature, each OSPF protocol instance has its own local Routing Information Base (RIB). The OSPF local RIB serves as the primary state for OSPF SPF route computation. The global RIB is not updated

More information

Per-User ACL Support for 802.1X/MAB/Webauth Users

Per-User ACL Support for 802.1X/MAB/Webauth Users Per-User ACL Support for 802.1X/MAB/Webauth Users This feature allows per-user ACLs to be downloaded from the Cisco Access Control Server (ACS) as policy enforcement after authentication using IEEE 802.1X,

More information

Password Strength and Management for Common Criteria

Password Strength and Management for Common Criteria Password Strength and Management for Common Criteria The Password Strength and Management for Common Criteria feature is used to specify password policies and security mechanisms for storing, retrieving,

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 2 How to Configure SSH, page 5 Monitoring

More information

DHCP Server RADIUS Proxy

DHCP Server RADIUS Proxy The Dynamic Host Configuration Protocol (DHCP) Server RADIUS Proxy is a RADIUS-based address assignment mechanism in which a DHCP server authorizes remote clients and allocates addresses based on replies

More information

RSVP Support for RTP Header Compression, Phase 1

RSVP Support for RTP Header Compression, Phase 1 RSVP Support for RTP Header Compression, Phase 1 The Resource Reservation Protocol (RSVP) Support for Real-Time Transport Protocol (RTP) Header Compression, Phase 1 feature provides a method for decreasing

More information

Configuring User Accounts and RBAC

Configuring User Accounts and RBAC 6 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and

More information

DHCP ODAP Server Support

DHCP ODAP Server Support DHCP ODAP Server Support The DHCP ODAP Server Support feature introduces the capability to configure a Cisco IOS Dynamic Host Configuration Protocol (DHCP) server (or router) as a subnet allocation server.

More information

IEEE 802.1X RADIUS Accounting

IEEE 802.1X RADIUS Accounting The feature is used to relay important events to the RADIUS server (such as the supplicant's connection session). The information in these events is used for security and billing purposes. Finding Feature

More information

Generic Transparency Descriptor for GKTMP Using SS7 Interconnect for Voice Gateways Version 2.0

Generic Transparency Descriptor for GKTMP Using SS7 Interconnect for Voice Gateways Version 2.0 Generic Transparency Descriptor for GKTMP Using SS7 Interconnect for Voice Gateways Version 20 Feature History Release 122(2)XU Modification This feature was introduced This document describes the Generic

More information

Configuring Authorization

Configuring Authorization The AAA authorization feature is used to determine what a user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user s profile, which

More information

ibgp Multipath Load Sharing

ibgp Multipath Load Sharing ibgp Multipath Load haring Feature History Release 12.2(2)T 12.2(14) Modification This feature was introduced. This feature was integrated into. This feature module describes the ibgp Multipath Load haring

More information

Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+)

Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+) Finding Feature Information, page 1 Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+), page 1 Information About TACACS+, page 3 How to Configure

More information

PT Activity: Configure AAA Authentication on Cisco Routers

PT Activity: Configure AAA Authentication on Cisco Routers PT Activity: Configure AAA Authentication on Cisco Routers Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask R1 Fa0/0 192.168.1.1 255.255.255.0 S0/0/0 10.1.1.2

More information

Configuring TACACS. Finding Feature Information. Prerequisites for Configuring TACACS

Configuring TACACS. Finding Feature Information. Prerequisites for Configuring TACACS TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ provides detailed accounting information and flexible

More information

Secure Shell Configuration Guide, Cisco IOS XE Everest 16.6

Secure Shell Configuration Guide, Cisco IOS XE Everest 16.6 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the Switch for SSH, page 2 Information

More information

Exclusive Configuration Change Access and Access Session Locking

Exclusive Configuration Change Access and Access Session Locking Exclusive Configuration Change Access and Access Session Locking Exclusive Configuration Change Access (also called the Configuration Lock feature) allows you to have exclusive change access to the Cisco

More information

Constraining IP Multicast in a Switched Ethernet Network

Constraining IP Multicast in a Switched Ethernet Network Constraining IP Multicast in a Switched Ethernet Network This module describes how to configure routers to use the Cisco Group Management Protocol (CGMP) in switched Ethernet networks to control multicast

More information

Configuring the Physical Subscriber Line for RADIUS Access and Accounting

Configuring the Physical Subscriber Line for RADIUS Access and Accounting Configuring the Physical Subscriber Line for RADIUS Access and Accounting Configuring a physical subscriber line for RADIUS Access and Accounting enables an L2TP access concentrator (LAC) and an L2TP network

More information

EIGRP Support for Route Map Filtering

EIGRP Support for Route Map Filtering The feature enables Enhanced Interior Gateway Routing Protocol (EIGRP) to interoperate with other protocols to leverage additional routing functionality by filtering inbound and outbound traffic based

More information

IEEE 802.1X Open Authentication

IEEE 802.1X Open Authentication allows a host to have network access without having to go through IEEE 802.1X authentication. Open authentication is useful in an applications such as the Preboot Execution Environment (PXE), where a device

More information

Transferring Files Using HTTP or HTTPS

Transferring Files Using HTTP or HTTPS Cisco IOS Release 12.4 provides the ability to transfer files between your Cisco IOS software-based device and a remote HTTP server using the HTTP or HTTP Secure (HTTPS) protocol. HTTP and HTTPS can now

More information

MPLS VPN Carrier Supporting Carrier

MPLS VPN Carrier Supporting Carrier MPLS VPN Carrier Supporting Carrier Feature History Release 12.0(14)ST 12.0(16)ST 12.2(8)T 12.0(21)ST 12.0(22)S 12.0(23)S Modification This feature was introduced in Cisco IOS Release 12.0(14)ST. Support

More information

Configuring Secure Shell

Configuring Secure Shell Configuring Secure Shell Last Updated: October 24, 2011 The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the ControllerDevice for SSH, page

More information

HTTP 1.1 Web Server and Client

HTTP 1.1 Web Server and Client HTTP 1.1 Web Server and Client Last Updated: October 12, 2011 The HTTP 1.1 Web Server and Client feature provides a consistent interface for users and applications by implementing support for HTTP 1.1

More information

Configuring a Basic Wireless LAN Connection

Configuring a Basic Wireless LAN Connection This module describes how to configure a wireless LAN (WLAN) connection between a wireless device, such as a laptop computer or mobile phone, and a Cisco 800, 1800 (fixed and modular), 2800, or 3800 series

More information

Autosense for ATM PVCs and MUX SNAP Encapsulation

Autosense for ATM PVCs and MUX SNAP Encapsulation Autosense for ATM PVCs and MUX SNAP Encapsulation The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE) over

More information

Cisco Voice Applications OID MIB

Cisco Voice Applications OID MIB Cisco Voice Applications OID MIB The Cisco Voice Applications OID MIB (ciscovoiceapplicationsoidmib) defines the object identifiers (OIDs) that are assigned to various Cisco voice applications, such as

More information

OSP URL Command Change

OSP URL Command Change OSP URL Command Change Feature History Release 12.2(2)XU Modification This feature was introduced. This document describes the OSP URL Command Change feature in and includes the following sections: Feature

More information

HTTP 1.1 Web Server and Client

HTTP 1.1 Web Server and Client HTTP 1.1 Web Server and Client Finding Feature Information HTTP 1.1 Web Server and Client Last Updated: June 01, 2011 The HTTP 1.1 Web Server and Client feature provides a consistent interface for users

More information

Memory Threshold Notifications

Memory Threshold Notifications The feature allows you to reserve memory for critical notifications and to configure a router to issue notifications when available memory falls below a specified threshold. Finding Feature Information,

More information

RADIUS Change of Authorization

RADIUS Change of Authorization The (CoA) feature provides a mechanism to change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated. When a policy changes for a user or user group

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information About Configuring Secure Shell, page 2 How to Configure Secure Shell, page 4 Monitoring

More information

Configuring User Accounts and RBAC

Configuring User Accounts and RBAC 7 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and

More information

Implementing Management Plane Protection

Implementing Management Plane Protection The Management Plane Protection (MPP) feature in Cisco IOS XR software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature

More information

Secure Shell Version 2 Support

Secure Shell Version 2 Support Secure Shell Version 2 Support Last Updated: January 16, 2012 The Secure Shell Version 2 Support feature allows you to configure Secure Shell (SSH) Version 2. SSH runs on top of a reliable transport layer

More information

Cisco IOS Login Enhancements-Login Block

Cisco IOS Login Enhancements-Login Block The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service

More information

IEEE 802.1X with ACL Assignments

IEEE 802.1X with ACL Assignments The feature allows you to download access control lists (ACLs), and to redirect URLs from a RADIUS server to the switch, during 802.1X authentication or MAC authentication bypass of the host. It also allows

More information

Multiprotocol Label Switching (MPLS) on Cisco Routers

Multiprotocol Label Switching (MPLS) on Cisco Routers Multiprotocol Label Switching (MPLS) on Cisco Routers Feature History Release 11.1CT 12.1(3)T 12.1(5)T 12.0(14)ST 12.0(21)ST 12.0(22)S Modification The document introduced MPLS and was titled Tag Switching

More information

VPDN Group Session Limiting

VPDN Group Session Limiting VPDN Group Session Limiting Feature History Release 12.2(1)DX 12.2(2)DD 12.2(4)B 12.2(27)SB Modification This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(2)DD. This

More information

Remote Access MPLS-VPNs

Remote Access MPLS-VPNs First Published: August 12, 2002 Last Updated: May 4, 2009 The feature allows the service provider to offer a scalable end-to-end Virtual Private Network (VPN) service to remote users. This feature integrates

More information

PPPoE Session Limit per NAS Port

PPPoE Session Limit per NAS Port PPPoE Session Limit per NAS Port First Published: March 17, 2003 Last Updated: February 28, 2006 The PPPoE Session Limit per NAS Port feature enables you to limit the number of PPP over Ethernet (PPPoE)

More information

Cisco MICA Modem Dial Modifiers for Cisco AS5300 and AS5800 Universal Access Servers

Cisco MICA Modem Dial Modifiers for Cisco AS5300 and AS5800 Universal Access Servers Cisco MICA Modem Dial Modifiers for Cisco AS5300 and AS5800 Universal Access Servers June 22, 2001 This feature module describes dial modifier support for Cisco MICA modems through enhanced Cisco MICA

More information

RADIUS Logical Line ID

RADIUS Logical Line ID The feature, also known as the Logical Line Identification (LLID) Blocking feature enables administrators to track their customers on the basis of the physical lines on which customer calls originate.

More information

Area Command in Interface Mode for OSPFv2

Area Command in Interface Mode for OSPFv2 This document describes how to enable Open Shortest Path First version 2 (OSPFv2) on a per-interface basis to simplify the configuration of unnumbered interfaces. The ip ospf area command allows you to

More information

tacacs-server administration through title-color

tacacs-server administration through title-color tacacs-server administration through title-color tacacs server, page 4 tacacs-server administration, page 6 tacacs-server directed-request, page 7 tacacs-server dns-alias-lookup, page 9 tacacs-server domain-stripping,

More information

Configuring IP SLAs TCP Connect Operations

Configuring IP SLAs TCP Connect Operations This module describes how to configure an IP Service Level Agreements (SLAs) TCP Connect operation to measure the response time taken to perform a TCP Connect operation between a Cisco router and devices

More information

RADIUS Tunnel Attribute Extensions

RADIUS Tunnel Attribute Extensions The feature allows a name to be specified (other than the default) for the tunnel initiator and the tunnel terminator in order to establish a higher level of security when setting up VPN tunneling. Finding

More information

Implementing Management Plane Protection on Cisco IOS XR Software

Implementing Management Plane Protection on Cisco IOS XR Software Implementing Management Plane Protection on Cisco IOS XR Software The Management Plane Protection (MPP) feature in Cisco IOS XR software provides the capability to restrict the interfaces on which network

More information

BGP Enforce the First Autonomous System Path

BGP Enforce the First Autonomous System Path BGP Enforce the First Autonomous System Path The BGP Enforce the First Autonomous System Path feature is used to configure a Border Gateway Protocol (BGP) routing process to discard updates received from

More information

Configuring TACACS+ Information About TACACS+ Send document comments to CHAPTER

Configuring TACACS+ Information About TACACS+ Send document comments to CHAPTER 4 CHAPTER This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on NX-OS devices. This chapter includes the following sections: Information

More information

Configuring Authentication, Authorization, and Accounting

Configuring Authentication, Authorization, and Accounting Configuring Authentication, Authorization, and Accounting This chapter contains the following sections: Information About AAA, page 1 Prerequisites for Remote AAA, page 5 Guidelines and Limitations for

More information

Implementing RIP for IPv6

Implementing RIP for IPv6 Implementing RIP for IPv6 This module describes how to configure Routing Information Protocol for IPv6. RIP is a distance-vector routing protocol that uses hop count as a routing metric. RIP is an Interior

More information

IP Overlapping Address Pools

IP Overlapping Address Pools The feature improves flexibility in assigning IP addresses dynamically. This feature allows you to configure overlapping IP address pool groups to create different address spaces and concurrently use the

More information

Cisco Mobile Networks Tunnel Templates for Multicast

Cisco Mobile Networks Tunnel Templates for Multicast Cisco Mobile Networks Tunnel Templates for Multicast The Cisco Mobile Networks--Tunnel Templates for Multicast feature allows the configuration of multicast on statically created tunnels to be applied

More information

BGP NSF Awareness. Finding Feature Information

BGP NSF Awareness. Finding Feature Information Nonstop Forwarding (NSF) awareness allows a device to assist NSF-capable neighbors to continue forwarding packets during a Stateful Switchover (SSO) operation. The feature allows an NSF-aware device that

More information

OSPF Limit on Number of Redistributed Routes

OSPF Limit on Number of Redistributed Routes Open Shortest Path First (OSPF) supports a user-defined maximum number of prefixes (routes) that are allowed to be redistributed into OSPF from other protocols or other OSPF processes. Such a limit could

More information

RADIUS NAS-IP-Address Attribute Configurability

RADIUS NAS-IP-Address Attribute Configurability RADIUS NAS-IP-Address Attribute The RADIUS NAS-IP-Address Attribute feature allows you to configure an arbitrary IP address to be used as RADIUS attribute 4, NAS-IP-Address, without changing the source

More information

Firewall Authentication Proxy for FTP and Telnet Sessions

Firewall Authentication Proxy for FTP and Telnet Sessions Firewall Authentication Proxy for FTP and Telnet Sessions Last Updated: January 18, 2012 Before the introduction of the Firewall Authentication Proxy for FTP and Telnet Sessions feature, users could enable

More information

OSPF Incremental SPF

OSPF Incremental SPF OSPF Incremental SPF The Open Shortest Path First (OSPF) protocol can be configured to use an incremental SPF algorithm for calculating the shortest path first routes. Incremental SPF is more efficient

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback