RADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model
- Marilynn Boyd
- 5 years ago
Table of Contents

RADIUS Configuration
Overview
Introduction to RADIUS
Client/Server Model
Security and Authentication Mechanisms
Basic Message Exchange Process of RADIUS
RADIUS Packet Format
Extended RADIUS Attributes
Protocols and Standards
Configuring RADIUS
Configuration Task List
Configuring the RADIUS Servers
Configuring RADIUS Parameters
RADIUS Configuration Example
Configuration Guidelines
RADIUS Configuration

Overview

The Remote Authentication Dial-In User Service (RADIUS) protocol is for implementing Authentication, Authorization, and Accounting (AAA).

Introduction to RADIUS

RADIUS is a distributed information interaction protocol using the client/server model. RADIUS can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required. RADIUS uses UDP, and its packet format and message transfer mechanism are based on UDP. It uses UDP port 1812 for authentication and 1813 for accounting.

RADIUS was originally designed for dial-in user access. With the diversification of access methods, RADIUS has been extended to support more access methods, for example, Ethernet access and ADSL access. It uses authentication and authorization in providing access services and uses accounting to collect and record usage information of network resources.

Client/Server Model

Client: The RADIUS client runs on the NASs located throughout the network. It passes user information to designated RADIUS servers and acts on the responses (for example, rejects or accepts user access requests).

Server: The RADIUS server runs on the computer or workstation at the network center and maintains information related to user authentication and network service access. It listens to connection requests, authenticates users, and returns the processing results (for example, rejecting or accepting the user access request) to the clients.

In general, the RADIUS server maintains three databases, namely, Users, Clients, and Dictionary, as shown in Figure 1.

Figure 1 RADIUS server components

Users: Stores user information such as the usernames, passwords, applied protocols, and IP addresses.
Clients: Stores information about RADIUS clients, such as the shared keys and IP addresses.
Dictionary: Stores information about the meanings of RADIUS protocol attributes and their values.
Security and Authentication Mechanisms

Information exchanged between a RADIUS client and the RADIUS server is authenticated with a shared key, which is never transmitted over the network. This enhances the information exchange security. In addition, to prevent user passwords from being intercepted on insecure networks, RADIUS encrypts passwords before transmitting them.

A RADIUS server supports multiple user authentication methods, for example, the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) of the Point-to-Point Protocol (PPP). Moreover, a RADIUS server can act as the client of another AAA server to provide authentication proxy services.

Basic Message Exchange Process of RADIUS

Figure 2 illustrates the interaction of the host, the RADIUS client, and the RADIUS server.

Figure 2 Basic message exchange process of RADIUS

The following is how RADIUS operates:

1. The host initiates a connection request carrying the username and password to the RADIUS client.
2. Having received the username and password, the RADIUS client sends an authentication request (Access-Request) to the RADIUS server, with the user password encrypted by using the Message-Digest 5 (MD5) algorithm and the shared key.
3. The RADIUS server authenticates the username and password. If the authentication succeeds, it sends back an Access-Accept message containing the user's authorization information. If the authentication fails, it returns an Access-Reject message.
4. The RADIUS client permits or denies the user according to the returned authentication result. If it permits the user, it sends a start-accounting request (Accounting-Request) to the RADIUS server.
5. The RADIUS server returns a start-accounting response (Accounting-Response) and starts accounting.
6. The user accesses the network resources.
7. The host requests the RADIUS client to tear down the connection and the RADIUS client sends a stop-accounting request (Accounting-Request) to the RADIUS server.
8. The RADIUS server returns a stop-accounting response (Accounting-Response) and stops accounting for the user.
9. The user stops access to network resources.

RADIUS Packet Format

RADIUS uses UDP to transmit messages. It ensures the smooth message exchange between the RADIUS server and the client through a series of mechanisms, including the timer management mechanism, retransmission mechanism, and slave server mechanism. Figure 3 shows the RADIUS packet format.

Figure 3 RADIUS packet format

Descriptions of the fields are as follows:

1. The Code field (1 byte long) indicates the type of the RADIUS packet. Table 1 gives the possible values and their meanings.

Table 1 Main values of the Code field

Code | Packet type | Description
1 | Access-Request | From the client to the server. A packet of this type carries user information for the server to authenticate the user. It must contain the User-Name attribute and can optionally contain the attributes of NAS-IP-Address, User-Password, and NAS-Port.
2 | Access-Accept | From the server to the client. If all the attribute values carried in the Access-Request are acceptable, that is, the authentication succeeds, the server sends an Access-Accept response.
3 | Access-Reject | From the server to the client. If any attribute value carried in the Access-Request is unacceptable, the server rejects the user and sends an Access-Reject response.
4 | Accounting-Request | From the client to the server. A packet of this type carries user information for the server to start/stop accounting for the user. It contains the Acct-Status-Type attribute, which indicates whether the server is requested to start the accounting or to end the accounting.
5 | Accounting-Response | From the server to the client. The server sends to the client a packet of this type to notify that it has received the Accounting-Request and has correctly started recording the accounting information.

2. The Identifier field (1 byte long) is for matching request packets and response packets and detecting retransmitted request packets. The request and response packets of the same type have the same identifier.
3. The Length field (2 bytes long) indicates the length of the entire packet, including the Code, Identifier, Length, Authenticator, and Attribute fields. The value of the field is in the range 20 to . Bytes beyond the length are considered the padding and are neglected upon reception. If the length of a received packet is less than that indicated by the Length field, the packet is dropped.
4. The Authenticator field (16 bytes long) is used to authenticate replies from the RADIUS server, and is also used in the password hiding algorithm. There are two kinds of authenticators: request authenticator and response authenticator.
5. The Attribute field, with a variable length, carries the specific authentication, authorization, and accounting information for defining configuration details of the request or response. This field is represented in triplets of Type, Length, and Value.
   Type: One byte, in the range 1 to 255. It indicates the type of the attribute. Commonly used attributes for RADIUS authentication, authorization and accounting are listed in Table 2.
   Length: One byte for indicating the length of the attribute in bytes, including the Type, Length, and Value fields.
   Value: Value of the attribute, up to 253 bytes. Its format and content depend on the Type and Length fields.

Table 2 RADIUS attributes

No. | Attribute | No. | Attribute
1 | User-Name | 45 | Acct-Authentic
2 | User-Password | 46 | Acct-Session-Time
3 | CHAP-Password | 47 | Acct-Input-Packets
4 | NAS-IP-Address | 48 | Acct-Output-Packets
5 | NAS-Port | 49 | Acct-Terminate-Cause
6 | Service-Type | 50 | Acct-Multi-Session-Id
7 | Framed-Protocol | 51 | Acct-Link-Count
8 | Framed-IP-Address | 52 | Acct-Input-Gigawords
9 | Framed-IP-Netmask | 53 | Acct-Output-Gigawords
10 | Framed-Routing | 54 | (unassigned)
11 | Filter-ID | 55 | Event-Timestamp
12 | Framed-MTU | | (unassigned)
13 | Framed-Compression | 60 | CHAP-Challenge
14 | Login-IP-Host | 61 | NAS-Port-Type
15 | Login-Service | 62 | Port-Limit
16 | Login-TCP-Port | 63 | Login-LAT-Port
17 | (unassigned) | 64 | Tunnel-Type
18 | Reply-Message | 65 | Tunnel-Medium-Type
19 | Callback-Number | 66 | Tunnel-Client-Endpoint
20 | Callback-ID | 67 | Tunnel-Server-Endpoint
21 | (unassigned) | 68 | Acct-Tunnel-Connection
22 | Framed-Route | 69 | Tunnel-Password
23 | Framed-IPX-Network | 70 | ARAP-Password
24 | State | 71 | ARAP-Features
25 | Class | 72 | ARAP-Zone-Access
26 | Vendor-Specific | 73 | ARAP-Security
27 | Session-Timeout | 74 | ARAP-Security-Data
28 | Idle-Timeout | 75 | Password-Retry
29 | Termination-Action | 76 | Prompt
30 | Called-Station-Id | 77 | Connect-Info
31 | Calling-Station-Id | 78 | Configuration-Token
32 | NAS-Identifier | 79 | EAP-Message
33 | Proxy-State | 80 | Message-Authenticator
34 | Login-LAT-Service | 81 | Tunnel-Private-Group-id
35 | Login-LAT-Node | 82 | Tunnel-Assignment-id
36 | Login-LAT-Group | 83 | Tunnel-Preference
37 | Framed-AppleTalk-Link | 84 | ARAP-Challenge-Response
38 | Framed-AppleTalk-Network | 85 | Acct-Interim-Interval
39 | Framed-AppleTalk-Zone | 86 | Acct-Tunnel-Packets-Lost
40 | Acct-Status-Type | 87 | NAS-Port-Id
41 | Acct-Delay-Time | 88 | Framed-Pool
42 | Acct-Input-Octets | 89 | (unassigned)
43 | Acct-Output-Octets | 90 | Tunnel-Client-Auth-id
44 | Acct-Session-Id | 91 | Tunnel-Server-Auth-id

NOTE: The attribute types listed in Table 2 are defined by RFC 2865, RFC 2866, RFC 2867, and RFC
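The packet layout, the Length rules, the Authenticator check and the password hiding described above, as an added Python example (not code from this manual or from H3C). The function names, the constructed Request Authenticator and the identifier value 7 are assumptions; the shared key expert and the hello@bbb / abc account come from the page's configuration example, and the MD5 constructions and the 4096-byte maximum follow RFC 2865.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 20  # Code (1) + Identifier (1) + Length (2) + Authenticator (16)
MAX_LEN = 4096   # largest Length value allowed by RFC 2865


class RadiusError(ValueError):
    """A packet that must be dropped rather than processed."""


def build_packet(code, ident, authenticator, attrs):
    """Serialise a packet; attrs is a list of (type, value_bytes) pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return header + authenticator + body


def parse_packet(data):
    """Return header fields and (type, value) attributes, enforcing the Length rules."""
    if len(data) < HEADER_LEN:
        raise RadiusError("shorter than the 20-byte fixed header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        raise RadiusError("Length field out of range")
    if len(data) < length:
        raise RadiusError("fewer bytes received than Length indicates")
    data = data[:length]  # bytes beyond Length are padding and are ignored
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if length - pos < 2 or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise RadiusError("attribute Length inconsistent with packet")
        a_type, a_len = data[pos], data[pos + 1]
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "id": ident, "length": length,
            "authenticator": data[4:HEADER_LEN], "attributes": attrs}


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """Client side: XOR each 16-byte block with MD5(secret + previous block)."""
    blocks = max(1, -(-len(password) // 16))  # pad to a multiple of 16 bytes
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def unhide_password(hidden, secret, request_auth):
    """Server side: reverse hide_password using the same shared key."""
    if not hidden or len(hidden) % 16:
        raise RadiusError("hidden password must be whole 16-byte blocks")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_bytes(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def sign_response(code, ident, attrs, request_auth, secret):
    """Server side: MD5(Code + ID + Length + RequestAuth + Attributes + secret)."""
    unsigned = build_packet(code, ident, request_auth, attrs)
    digest = hashlib.md5(unsigned + secret).digest()
    return unsigned[:4] + digest + unsigned[HEADER_LEN:]


def verify_response(raw, request_id, request_auth, secret):
    """Client side: accept a reply only if Identifier and Authenticator match."""
    pkt = parse_packet(raw)
    if pkt["id"] != request_id:
        return False
    raw = raw[:pkt["length"]]
    expected = hashlib.md5(raw[:4] + request_auth + raw[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, pkt["authenticator"])


def demo():
    secret, req_auth = b"expert", bytes(range(16))  # page's key; constructed authenticator
    hidden = hide_password(b"abc", secret, req_auth)
    request = build_packet(1, 7, req_auth, [(1, b"hello@bbb"), (2, hidden)])
    accept = sign_response(2, 7, [(18, b"welcome")], req_auth, secret)  # constructed reply
    seen = dict(parse_packet(request)["attributes"])[2]
    return (unhide_password(seen, secret, req_auth),
            verify_response(accept, 7, req_auth, secret),
            verify_response(accept, 7, req_auth, b"other"))


if __name__ == "__main__":
    print(demo())
```

A reply signed with a different shared key fails verify_response, which is why the keys on the device and on the server must match before either side accepts the other's packets.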
Extended RADIUS Attributes

The RADIUS protocol features excellent extensibility. Attribute 26 (Vendor-Specific) defined by RFC 2865 allows a vendor to define extended attributes to implement functions that the standard RADIUS protocol does not provide.

A vendor can encapsulate multiple type-length-value (TLV) sub-attributes in RADIUS packets for extension in applications. As shown in Figure 4, a sub-attribute that can be encapsulated in Attribute 26 consists of the following four parts:

Vendor-ID (four bytes): Indicates the ID of the vendor. Its most significant byte is 0 and the other three bytes contain a code complying with RFC . The vendor ID of H3C is .
Vendor-Type: Indicates the type of the sub-attribute.
Vendor-Length: Indicates the length of the sub-attribute.
Vendor-Data: Indicates the contents of the sub-attribute.

Figure 4 Segment of a RADIUS packet containing an extended attribute

Protocols and Standards

The protocols and standards related to RADIUS include:

RFC 2865: Remote Authentication Dial In User Service (RADIUS)
RFC 2866: RADIUS Accounting
RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support
RFC 2868: RADIUS Attributes for Tunnel Protocol Support
RFC 2869: RADIUS Extensions

Configuring RADIUS

Configuration Task List

NOTE: The RADIUS scheme configured through the Web interface is named system. By default, there is no RADIUS scheme named system in the system. When you select any item under User > RADIUS from the navigation tree to enter the page of the item, the system will automatically create a scheme named system.

Table 3 lists the RADIUS configuration steps:
Table 3 RADIUS configuration steps

Task | Remarks
Configuring the RADIUS Servers | The authentication server configuration is required while the accounting server configuration is optional. This section describes how to specify the primary and the secondary RADIUS authentication/accounting servers. By default, no server is specified. IMPORTANT: It is recommended to configure only the primary RADIUS authentication/accounting server if no backup is needed.
Configuring RADIUS Parameters | Optional. This section describes how to configure the parameters that are necessary for information exchange between the device and RADIUS server.

Configuring the RADIUS Servers

From the navigation tree, select User > RADIUS > Server Configuration to enter the RADIUS server configuration interface, as shown in Figure 5.

Figure 5 RADIUS server configuration

Table 4 lists the RADIUS server configuration items.

Table 4 RADIUS server configuration

Item | Description
Server Type | Type of the RADIUS server to be configured, including Authentication Server and Accounting Server.
Primary Server IP | IP address of the primary server. If no primary server is specified, the text box displays . If you enter , it means that the previously configured primary server is to be removed. The IP address of the primary server cannot be the same as that of the secondary server.
Primary Server UDP Port | UDP port of the primary server. Before you specify the IP address of the primary server or after you remove the primary server IP address, the port number is 1812 for authentication or 1813 for accounting. As RADIUS uses different UDP ports for authentication and accounting, you need to specify different UDP ports for the two functions.
Primary Server Status | Status of the primary server, including: Active: The server is working normally. Blocked: The server is down. Before you specify the IP address of the primary server or after you remove the primary server IP address, the status is blocked.
Secondary Server IP | IP address of the secondary server. If no secondary server is specified, the text box displays . If you enter , it means to remove the previously configured primary server. The IP address of the secondary server cannot be the same as that of the primary server.
Secondary Server UDP Port | UDP port of the secondary server. Before you specify the IP address of the primary server or after you remove the primary server IP address, the port number is 1812 for authentication or 1813 for accounting. As RADIUS uses different UDP ports for authentication and accounting, you need to specify different UDP ports for the two functions.
Secondary Server Status | Status of the secondary server, including: Active: The server is working normally. Blocked: The server is down. If the IP address of the secondary server is not specified or the specified IP address is to be removed, the status is blocked.

Return to RADIUS configuration steps.
Configuring RADIUS Parameters

From the navigation tree, select User > RADIUS > Parameter Configuration to enter the RADIUS parameter configuration interface, as shown in Figure 6.

Figure 6 RADIUS parameter configuration

Table 5 lists the RADIUS parameters.

Table 5 RADIUS parameters

Item | Description
Server Type | Select the type of the RADIUS server supported by the device, including: extended: Specifies an extended RADIUS server (usually a CAMS or iMC server). That is, the RADIUS client and RADIUS server communicate using the proprietary RADIUS protocol and packet format. standard: Specifies a standard RADIUS server. That is, the RADIUS client and RADIUS server communicate using the standard RADIUS protocol and packet format defined in RFC 2138/2139 or later.
Authentication Server Shared Key, Confirm Authentication Shared Key, Accounting Server Shared Key, Confirm Accounting Shared Key | Specify the shared key for the RADIUS authentication packets and that for the RADIUS accounting packets. The RADIUS client and RADIUS authentication/accounting server use MD5 to encrypt RADIUS packets, and they verify the validity of packets through the specified shared key. The client and server receive and respond to packets from each other only if their shared keys are the same. IMPORTANT: The shared keys specified on the device must be consistent with those configured on the RADIUS servers.
NAS-IP | Specify the source IP address for the device to use in RADIUS packets to be sent to the RADIUS server. It is recommended to use a loopback interface address instead of a physical interface address as the source IP address, because if the physical interface is down, the response packets from the server cannot reach the device.
Timeout Interval | Set the RADIUS server response timeout.
Timeout Retransmission Times | Set the maximum number of transmission attempts. IMPORTANT: The upper limit of the product of the timeout value and the number of retransmission attempts of an access module is the timeout time of the access module and cannot exceed 75 seconds. For example, for voice access and Telnet access, as the timeout time of voice access is 10 seconds and that of Telnet access is 30 seconds, the product cannot exceed 10 and 30 seconds (exclusive); otherwise, the stop accounting packets cannot be buffered and the primary and secondary servers cannot switch over normally.
Realtime-Accounting Interval | Set the real-time accounting interval, whose value must be n times 3 (n is an integer). To implement real-time accounting on users, it is necessary to set the real-time accounting interval. After this parameter is specified, the device will send the accounting information of online users to the RADIUS server at the specified interval. The value of the real-time accounting interval is related to the requirement on the performance of the NAS and RADIUS server. The smaller the value, the higher the requirement. It is recommended to set a large value if the number of users is equal to or larger than . Table 6 shows the relationship between the interval value and the number of users.
Realtime-Accounting Packet Retransmission Times | Set the maximum number of real-time accounting request retransmission times. When the number of non-responded real-time accounting requests sent by the device to the RADIUS server exceeds this number, the device will cut off the user connection.
Stop-Accounting Buffer | Enable or disable buffering of stop-accounting requests without responses in the device. If the device does not receive the response of a stop-accounting request from the RADIUS server and stop-accounting buffering is enabled on the device, the device will buffer the request and retransmit it to the RADIUS server repeatedly until it receives the response or, when the retransmission maximum number specified by the Stop-Accounting Packet Retransmission Times parameter is reached, drops the request.
Stop-Accounting Packet Retransmission Times | Set the maximum number of transmission attempts after no response is received for the stop-accounting packet.
Quiet Interval | Specify the interval the RADIUS servers have to wait before being active.
Username Format | Set the format of username sent to the RADIUS server. A username is generally in the format of userid@isp-name, of which isp-name is used by the device to determine the ISP domain to which a user belongs. If a RADIUS server (such as a RADIUS server of some early version) does not accept a username including an ISP domain name, you can configure the device to remove the domain name of a username before sending it to the RADIUS server. without-domain: Specifies to remove the domain name of a username that is to be sent to the RADIUS server. with-domain: Specifies to keep the domain name of a username that is to be sent to the RADIUS server. IMPORTANT: If you specify the username format as without domain in a RADIUS scheme, do not apply the scheme to two or more ISP domains. Otherwise, the RADIUS server will treat two users with the same user ID but in different domains as the same user, because the usernames sent to the RADIUS server are the same.
Unit for Data Flows | Specify the unit for data flows sent to the RADIUS server, which can be: byte, kilo-byte, mega-byte, giga-byte. IMPORTANT: The unit in which the device sends data flows to the RADIUS server must be consistent with that specified on the RADIUS server. Otherwise, the accounting results will be incorrect.
Unit for Packets | Specify the unit for data packets sent to the RADIUS server, which can be: one-packet, kilo-packet, mega-packet, giga-packet. IMPORTANT: The unit in which the device sends packets to the RADIUS server must be consistent with that specified in the RADIUS server. Otherwise, the accounting results will be incorrect.
EAD Offload Function | Enable or disable the EAP offload function. As some RADIUS servers do not support EAP authentication, that is, do not support processing EAP packets, it is necessary to preprocess EAP packets sent from clients on the access device. The preprocessing of EAP packets is referred to as EAP offload for RADIUS. After receiving an EAP packet, the access device enabled with the EAP offload function will first convert the authentication information in the EAP packet into the corresponding RADIUS attributes through the local EAP server, then encapsulate the EAP packet into a RADIUS request and send the request to the RADIUS server for authentication. When the RADIUS server receives the request, it will analyze the carried authentication information, encapsulate the authentication result in the RADIUS packet, and then send the packet to the local EAP server on the access device for subsequent interaction with the client. IMPORTANT: Because the EAP packet preprocessing is implemented through the local EAP authentication server, it is required to configure the local EAP authentication server on the access device, specifying the EAP authentication method as PEAP-MSCHAPv2.

Table 6 Relationship between the real-time accounting interval and the number of users

Number of users | Real-time accounting interval (in minutes)
1 to |
to |
to |
≥1000 | ≥15

Return to RADIUS configuration steps.

RADIUS Configuration Example

Network requirements

As shown in Figure 7, connect the Telnet user to the device and the device to the RADIUS server.

Run the CAMS/iMC Server on the RADIUS server to provide authentication, authorization, and accounting services for Telnet users. The IP address of the RADIUS server is /24.
Set the shared keys for authentication, authorization, and accounting packets exchanged between the device and the RADIUS server to expert and specify the ports for authentication/authorization and accounting as 1812 and 1813 respectively.
Specify that a username sent to the RADIUS server carries the domain name.
Add an account on the RADIUS server, with the username and password being hello@bbb and abc. Configure to authorize the Telnet user logging in using the account with the privilege level of 3.

Figure 7 Network diagram for RADIUS configuration (RADIUS server, Telnet user, Device, Internet)

Configuration procedure

Step 1 Configure the RADIUS server

When the RADIUS server runs CAMS:

NOTE: This example assumes that the RADIUS server runs CAMS Server Version 2.10-R0210.

# Add an access device.

Log into the CAMS management platform and select System Management > System Configuration from the navigation tree. In the System Configuration window, click Modify of the Access Device item, and then click Add to enter the Add Access Device window and perform the following configurations as shown in Figure 8:

Figure 8 Add an access device

Specify the IP address of the device as
Set both the shared keys for authentication and accounting packets to expert.
Select Device Management Service as the service type.
Specify the ports for authentication and accounting as 1812 and 1813 respectively.
Select Extensible Protocol as the protocol type.
Select Standard as the RADIUS packet type.
Click OK.

# Add a user for device management.

From the navigation tree, select User Management > User for Device Management, and then in the right pane, click Add to enter the Add Account window and perform the following configurations, as shown in Figure 9:

Figure 9 Add an account for device management

Add a user named hello@bbb.
Specify the password as abc and confirm the password.
Select Telnet as the service type.
Set the EXEC privilege level to 3. This value identifies the privilege level of the Telnet user after login, which is 0 by default.
Specify the IP address range of the hosts to be managed as to , and click Add.
Click OK to finish the operation.

When the RADIUS server runs iMC:

NOTE: This example assumes that the RADIUS server runs iMC PLAT 3.20-R2602 and iMC UAM 3.60-E6102.

# Add an access device.

Log into the iMC management platform, select the Service tab, and select Access Service > Service Configuration from the navigation tree to enter the Service Configuration page. Then, click Add to enter the Add Access Device page and perform the following configurations, as shown in Figure 10:

Figure 10 Add an access device

Set the shared keys for authentication and accounting packets to expert.
Specify the ports for authentication and accounting as 1812 and 1813 respectively.
Select Device Management Service as the service type.
Select H3C as the access device type.
Select the access device from the device list or manually add the device with the IP address of
Click OK to finish the operation.

NOTE: The IP address of the access device must be the same as the source IP address of the RADIUS packets sent from the device. By default, the source IP address of a RADIUS packet is the IP address of the interface through which the packet is sent out.

# Add a user for device management.

Log into the iMC management platform, select the User tab, and select Access User View > All Access Users from the navigation tree to enter the All Access Users page. Then, click Add to enter the Add Device Management User page and perform the following configurations, as shown in Figure 11:

Figure 11 Add an account for device management

Add a user named hello@bbb.
Specify the password as abc and confirm the password.
Select Telnet as the service type.
Set the EXEC privilege level to 3. This value identifies the privilege level of the Telnet user after login, which is 0 by default.
Click Add in the IP address list of managed devices, and then specify the IP address range of the hosts to be managed as to
Click OK to finish the operation.

NOTE: The IP address range of the hosts to be managed must contain the IP address of the access device added.

Step 2 Configure the device

# Configure the IP address and security zone of each interface. (Omitted)

# Configure the RADIUS authentication and accounting servers.

From the navigation tree, select User > RADIUS > Server Configuration. Perform the configurations shown in Figure 12 and Figure 13:

Figure 12 Configure the RADIUS authentication server

Figure 13 Configure the RADIUS accounting server

Select Authentication Server as the server type.
Enter as the IP address of the primary server, and 1812 as the UDP port.
Select active as the primary server status.
Click Apply to finish the configuration.
Select Accounting Server as the server type.
Enter as the IP address of the primary server, and 1813 as the UDP port.
Select active as the primary server status.
Click Apply to finish the configuration.

# Configure the parameters for communication between the device and the RADIUS server:

From the navigation tree, select User > RADIUS > Parameter Configuration. Perform the configurations shown in Figure 14:

Figure 14 Configure the scheme for communication between the device and the RADIUS server

Select extended as the server type.
Select the Authentication Server Shared Key check box and enter expert in the text box.
Enter expert in the Confirm Authentication Shared Key text box.
Select the Accounting Server Shared Key check box and enter expert in the text box.
Enter expert in the Confirm Accounting Shared Key text box.
Select with-domain for the username format.
Click Apply to finish the configuration.

Perform the following configuration in the command line interface of the device:

# Enable the Telnet service on the device.
[Device] telnet server enable
# Configure the device to use AAA for Telnet users.
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
[Device-ui-vty0-4] quit
# Configure the AAA methods for domain bbb. As RADIUS authorization information is sent to the RADIUS client in the authentication response messages, be sure to reference the same scheme for user authentication and authorization.
[Device] domain bbb
[Device-isp-bbb] authentication login radius-scheme system
[Device-isp-bbb] authorization login radius-scheme system
[Device-isp-bbb] accounting login radius-scheme system
[Device-isp-bbb] quit
// You can achieve the same result by configuring default AAA methods for all types of users in domain bbb. (You can use either approach as needed)
[Device] domain bbb
[Device-isp-bbb] authentication default radius-scheme system
[Device-isp-bbb] authorization default radius-scheme system
[Device-isp-bbb] accounting default radius-scheme system

Verification

After the above configuration, the Telnet user should be able to telnet to the device and use the configured account (username and password abc) to enter the user interface of the device, and access all the commands of level 0 to level 3.

Configuration Guidelines

When configuring the RADIUS client, note that:

1. The specified server status is dynamic information, which cannot be saved in the configuration file. After the device reboots, the status of servers becomes active.
2. At present, RADIUS does not support accounting for FTP users.
3. If the accounting server in use by online users is removed, the device cannot send real-time accounting requests and stop-accounting messages of the users to the server, and the stop-accounting messages are not buffered locally.
4. The system allows you to configure multiple secondary servers for a RADIUS scheme through CLI. On the web interface, the system displays the first secondary server in the scheme system. When you configure a secondary server on the web interface:
   If the specified IP address is , all secondary servers in the scheme system are deleted.
   If the specified IP address is not , and does not conflict with the IP addresses of the existing secondary servers, the first secondary server in the scheme is replaced by the one you specified.
   If the specified IP address is not , and conflicts with the IP address of an existing secondary server, the configuration fails.
5. For the primary and secondary servers (assume only one secondary server exists) in a RADIUS scheme, the device follows these rules to exchange packets with the servers:
   If the primary server and secondary server are in the same state, the device communicates with the primary server.
   If both the primary server and secondary server are in active state, the device communicates with the primary server. When the primary server becomes unavailable, the device sets the server's status to block and turns to the secondary server for communication. When the quiet timer expires, the device resumes the status of the primary server to active while keeping the status of the secondary server unchanged. In the case of authentication/authorization, the device resumes the communication with the primary server; in the case of accounting, however, the device keeps communicating with the secondary server no matter whether the primary server recovers or not.
   If one server is in active state and the other is in block state, the device only tries to communicate with the server in active state, even if the server is unavailable.
   If both the primary server and secondary server are in block state, the device only communicates with the primary server. In this case, if the primary server is available or becomes available, the device will change the primary server's status to active. To use the secondary server for communication, you need to manually change the status of the secondary server to active; otherwise, no primary/secondary server switchover will take place.
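A small Python model of the primary/secondary rules in guideline 5, added here as an example (it is not H3C's implementation). The class and method names, the `reachable` set that stands in for real timeouts, and the flags that track the quiet timer and keep accounting on the secondary server are assumptions made for illustration.

```python
ACTIVE, BLOCK = "active", "block"


class RadiusScheme:
    """One RADIUS scheme with a primary and a single secondary server."""

    def __init__(self, primary=ACTIVE, secondary=ACTIVE):
        self.state = {"primary": primary, "secondary": secondary}
        self.quiet_running = False      # started when the device blocks the primary
        self.acct_on_secondary = False  # accounting has moved to the secondary

    def select(self, kind):
        """Server that the next 'auth' or 'acct' packet is addressed to."""
        p, s = self.state["primary"], self.state["secondary"]
        if p != s:  # one active, one block: only the active server is tried
            return "primary" if p == ACTIVE else "secondary"
        if p == ACTIVE and kind == "acct" and self.acct_on_secondary:
            return "secondary"  # accounting does not move back to the primary
        return "primary"        # same state, both active or both block

    def send(self, kind, reachable):
        """Send one packet; reachable is the set of servers that would answer.

        Returns the name of the server that answered, or None on failure."""
        states = set(self.state.values())
        target = self.select(kind)
        if target not in reachable:
            if states != {ACTIVE} or target != "primary":
                return None  # no automatic switchover in any other combination
            self.state["primary"] = BLOCK  # primary unavailable: block it
            self.quiet_running = True
            target = "secondary"
            if target not in reachable:
                return None
        elif states == {BLOCK}:
            self.state["primary"] = ACTIVE  # primary answered while both were block
        if kind == "acct" and target == "secondary":
            self.acct_on_secondary = True
        return target

    def quiet_timer_expired(self):
        """Primary returns to active; the secondary's state is left unchanged."""
        if self.quiet_running:
            self.state["primary"] = ACTIVE
            self.quiet_running = False


if __name__ == "__main__":
    scheme = RadiusScheme()
    print(scheme.send("auth", {"secondary"}), scheme.state)
```

The model shows the operational consequence of the last rule: with both servers in block state and the primary down, every request fails until an administrator sets the secondary to active.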
More informationRADIUS Attributes Overview and RADIUS IETF Attributes
RADIUS Attributes Overview and RADIUS IETF Attributes First Published: March 19, 2001 Last Updated: September 23, 2009 Remote Authentication Dial-In User Service (RADIUS) attributes are used to define
More informationOperation Manual Security. Table of Contents
Table of Contents Table of Contents Chapter 1 802.1x Configuration... 1-1 1.1 802.1x Overview... 1-1 1.1.1 802.1x Standard Overview... 1-1 1.1.2 802.1x System Architecture... 1-1 1.1.3 802.1x Authentication
More informationRADIUS - QUICK GUIDE AAA AND NAS?
RADIUS - QUICK GUIDE http://www.tutorialspoint.com/radius/radius_quick_guide.htm Copyright tutorialspoint.com AAA AND NAS? Before you start learning about Radius, it is important that you understand: What
More information802.1x Configuration Examples H3C S7500 Series Ethernet Switches Release Table of Contents
Table of Contents Table of Contents Chapter 1 802.1X Overview... 1-1 1.1 Introduction to 802.1X... 1-1 1.2 Features Configuration... 1-1 1.2.1 Global Configuration... 1-1 1.2.2 Configuration in Port View...
More informationOperation Manual Security. Table of Contents
Table of Contents Table of Contents Chapter 1 Network Security Overview... 1-1 1.1 Introduction to the Network Security Features Provided by CMW... 1-1 1.2 Hierarchical Line Protection... 1-2 1.3 RADIUS-Based
More informationHP Unified Wired-WLAN Products
HP Unified Wired-WLAN Products Security Configuration Guide HP 830 Unified Wired-WLAN PoE+ Switch Series HP 850 Unified Wired-WLAN Appliance HP 870 Unified Wired-WLAN Appliance HP 11900/10500/7500 20G
More informationRADIUS Attributes Configuration Guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationNetwork Working Group Request for Comments: 2059 Category: Informational January 1997
Network Working Group C. Rigney Request for Comments: 2059 Livingston Category: Informational January 1997 Status of this Memo RADIUS Accounting This memo provides information for the Internet community.
More informationTable of Contents X Configuration 1-1
Table of Contents 1 802.1X Configuration 1-1 802.1X Overview 1-1 Architecture of 802.1X 1-1 Authentication Modes of 802.1X 1-2 Basic Concepts of 802.1X 1-2 EAP over LAN 1-3 EAP over RADIUS 1-5 802.1X Authentication
More informationTable of Contents. 4 System Guard Configuration 4-1 System Guard Overview 4-1 Guard Against IP Attacks 4-1 Guard Against TCN Attacks 4-1
Table of Contents 1 802.1x Configuration 1-1 Introduction to 802.1x 1-1 Architecture of 802.1x Authentication 1-1 The Mechanism of an 802.1x Authentication System 1-3 Encapsulation of EAPoL Messages 1-3
More informationRADIUS Attributes. In This Appendix. RADIUS Attributes Overview. IETF Attributes Versus VSAs
RADIUS Attributes Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting elements in a user profile, which is stored on
More informationControlled/uncontrolled port and port authorization status
Contents 802.1X fundamentals 1 802.1X architecture 1 Controlled/uncontrolled port and port authorization status 1 802.1X-related protocols 2 Packet formats 2 EAP over RADIUS 4 Initiating 802.1X authentication
More informationNetwork Working Group Request for Comments: 2866 Category: Informational June 2000 Obsoletes: 2139
Network Working Group C. Rigney Request for Comments: 2866 Livingston Category: Informational June 2000 Obsoletes: 2139 Status of this Memo RADIUS Accounting This memo provides information for the Internet
More informationConfiguring RADIUS. Information About RADIUS. RADIUS Network Environments. Send document comments to
3 CHAPTER This chapter describes how to configure Remote Access Dial-In User Service (RADIUS) protocol on NX-OS devices. This chapter includes the following sections: Information About RADIUS, page 3-1
More informationConfiguring IEEE 802.1x Port-Based Authentication
CHAPTER 9 Configuring IEEE 802.1x Port-Based Authentication This chapter describes how to configure IEEE 802.1x port-based authentication on the Catalyst 2960 switch. IEEE 802.1x authentication prevents
More informationConfiguring Switch-Based Authentication
CHAPTER 7 This chapter describes how to configure switch-based authentication on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. This chapter consists
More informationRadius Configuration FSOS
FSOS Radius Configuration Contents 1. RADIUS Configuration... 1 1.1 Radius Overview...1 1.1.1 AAA Overview...1 1.1.2 AAA Realization...1 1.1.3 RADIUS Overview...2 1.2 RADIUS Configuration... 3 1.2.1 RADIUS
More informationConfiguring IEEE 802.1x Port-Based Authentication
CHAPTER 8 Configuring IEEE 802.1x Port-Based Authentication This chapter describes how to configure IEEE 802.1x port-based authentication on the switch. IEEE 802.1x authentication prevents unauthorized
More informationDiameter NASREQ Application. Status of this Memo. This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026.
AAA Working Group Pat R. Calhoun Internet-Draft Black Storm Networks Category: Standards Track William Bulley Merit Network, Inc. Allan C. Rubens Tut Systems, Inc.
More informationConfiguring Security for the ML-Series Card
19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page
More informationConfiguring RADIUS Servers
CHAPTER 7 This chapter describes how to enable and configure the Remote Authentication Dial-In User Service (RADIUS), that provides detailed accounting information and flexible administrative control over
More informationNetwork Working Group Request for Comments: D. Mitton RSA, Security Division of EMC B. Aboba Microsoft Corporation January 2008
Network Working Group Request for Comments: 5176 Obsoletes: 3576 Category: Informational M. Chiba G. Dommety M. Eklund Cisco Systems, Inc. D. Mitton RSA, Security Division of EMC B. Aboba Microsoft Corporation
More informationContents. Configuring SSH 1
Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list
More informationthus, the newly created attribute is accepted if the user accepts attribute 26.
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationOperation Manual 802.1x. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 802.1x Overview... 1-1 1.1.1 Architecture of 802.1x... 1-1 1.1.2 Operation of 802.1x... 1-3 1.1.3 EAP Encapsulation over LANs... 1-4 1.1.4 EAP Encapsulation
More informationNetwork Working Group Request for Comments: 2058 Category: Standards Track. Merit W. Simpson Daydreamer S. Willens. Livingston.
Network Working Group Request for Comments: 2058 Category: Standards Track C. Rigney Livingston A. Rubens Merit W. Simpson Daydreamer S. Willens Livingston January 1997 Status of this Memo Remote Authentication
More informationRADIUS Attributes. RADIUS IETF Attributes
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationHPE IMC UAM 802.1X Authentication and ACL Based Access Control Configuration Examples
HPE IMC UAM 802.1X Authentication and ACL Based Access Control Configuration Examples Part Number: 5200-1368 Software version: IMC UAM 7.2 (E0406) Document version: 2 The information in this document is
More informationNetwork Working Group Request for Comments: Category: Standards Track Merit W. Simpson Daydreamer June 2000
Network Working Group Request for Comments: 2865 Obsoletes: 2138 Category: Standards Track C. Rigney S. Willens Livingston A. Rubens Merit W. Simpson Daydreamer June 2000 Status of this Memo Remote Authentication
More informationthus, the newly created attribute is accepted if the user accepts attribute 26.
Remote Authentication Dial-In User Service (RADIUS) attributes are used to define specific authentication, authorization, and accounting (AAA) elements in a user profile, which is stored on the RADIUS
More informationConfiguring IEEE 802.1x Port-Based Authentication
CHAPTER 10 Configuring IEEE 802.1x Port-Based Authentication IEEE 802.1x port-based authentication prevents unauthorized devices (clients) from gaining access to the network. Unless otherwise noted, the
More informationL2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application
Table of Contents L2TP Configuration 1 L2TP Overview 1 Introduction 1 Typical L2TP Networking Application 1 Basic Concepts of L2TP 2 L2TP Tunneling Modes and Tunnel Establishment Process 4 L2TP Features
More informationConfiguring RADIUS and TACACS+ Servers
CHAPTER 13 This chapter describes how to enable and configure the Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+), that provides
More informationTable of Contents X Configuration 1-1
Table of Contents 1 802.1X Configuration 1-1 802.1X Overview 1-1 Architecture of 802.1X 1-2 Authentication Modes of 802.1X 1-2 Basic Concepts of 802.1X 1-3 EAP over LAN 1-4 EAP over RADIUS 1-5 802.1X Authentication
More informationRADIUS Attributes Configuration Guide, Cisco IOS Release 12.2SX
RADIUS Attributes Configuration Guide, Cisco IOS Release 12.2SX Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS
More informationRADIUS Attributes Configuration Guide, Cisco IOS Release 15S
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationCisco Prime Optical 9.5 Basic External Authentication
Cisco Prime Optical 9.5 Basic External Authentication June 6, 2012 This document describes the basic external authentication functionality in Cisco Prime Optical 9.5 running on a Solaris server. External
More informationHWTACACS Technology White Paper
S Series Switches HWTACACS Technology White Paper Issue 1.0 Date 2015-08-08 HUAWEI TECHNOLOGIES CO., LTD. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form
More informationHPE FlexFabric 5950 Switch Series
HPE FlexFabric 5950 Switch Series Security Configuration Guide Part number: 5200-0833 Software version: Release 6106 and later Document version: 6W100-20160513 Copyright 2016 Hewlett Packard Enterprise
More informationConfiguring Authorization
Configuring Authorization AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user
More informationConfiguring Port-Based and Client-Based Access Control (802.1X)
9 Configuring Port-Based and Client-Based Access Control (802.1X) Contents Overview..................................................... 9-3 Why Use Port-Based or Client-Based Access Control?............
More informationApplication Note. Using RADIUS with G6 Devices
Using RADIUS with G6 Devices MICROSENS GmbH & Co. KG Küferstr. 16 59067 Hamm/Germany Tel. +49 2381 9452-0 FAX +49 2381 9452-100 E-Mail info@microsens.de Web www.microsens.de Summary This Application Note
More informationConfiguring Security on the GGSN
CHAPTER 12 This chapter describes how to configure security features on the gateway GPRS support node (GGSN), including Authentication, Authorization, and Accounting (AAA), and RADIUS. IPSec on the Cisco
More informationRequest for Comments: D. Spence Consultant D. Mitton Circular Networks August Diameter Network Access Server Application
Network Working Group Request for Comments: 4005 Category: Standards Track P. Calhoun G. Zorn Cisco Systems Inc. D. Spence Consultant D. Mitton Circular Networks August 2005 Status of This Memo Diameter
More informationHPE IMC UAM 802.1X Access Control and RSA Authentication Configuration Examples
HPE IMC UAM 802.1X Access Control and RSA Authentication Configuration Examples Part Number: 5200-1366 Software version: IMC UAM 7.2 (E0403) Document version: 2 The information in this document is subject
More informationRADIUS Commands. Cisco IOS Security Command Reference SR
RADIUS Commands This chapter describes the commands used to configure RADIUS. RADIUS is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation,
More informationHP VSR1000 Virtual Services Router
HP VSR1000 Virtual Services Router Layer 2 - WAN Access Configuration Guide Part number: 5998-6023 Software version: VSR1000_HP-CMW710-R0202-X64 Document version: 6W100-20140418 Legal and notice information
More informationCategory: Standards Track Cisco Systems Inc. David Spence Interlink Networks Inc. David Mitton Circular Networks. Feb 2004
AAA Working Group Internet-Draft Category: Standards Track Pat R. Calhoun Airespace Inc. Glen Zorn Cisco Systems Inc. David Spence Interlink Networks Inc. David Mitton Circular Networks Feb 2004 Diameter
More informationCisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x
Cisco Nexus 1000V for KVM Security Configuration Guide, Release 5.x First Published: August 01, 2014 Last Modified: November 13, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San
More informationConfiguring 802.1X Port-Based Authentication
CHAPTER 10 This chapter describes how to configure IEEE 802.1X port-based authentication on the Catalyst 3750 switch. As LANs extend to hotels, airports, and corporate lobbies, creating insecure environments,
More informationNetwork Access Flows APPENDIXB
APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies
More informationConfiguring TACACS. Finding Feature Information. Prerequisites for Configuring TACACS
TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ provides detailed accounting information and flexible
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationManaging External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
More informationLogging in to the CLI
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console port 2 Introduction 2 Configuration procedure 2 Logging in through the AUX port 5 Configuration prerequisites 5 Configuration
More informationConfiguring Basic AAA on an Access Server
Configuring Basic AAA on an Access Server Document ID: 10384 Contents Introduction Before You Begin Conventions Prerequisites Components Used Network Diagram General AAA Configuration Enabling AAA Specifying
More informationOverview. RADIUS Protocol CHAPTER
CHAPTER 1 The chapter provides an overview of the RADIUS server, including connection steps, RADIUS message types, and using Cisco Access Registrar as a proxy server. Cisco Access Registrar is a RADIUS
More informationAAA Authorization and Authentication Cache
AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication
More informationConfiguring RADIUS. Finding Feature Information. Prerequisites for RADIUS
The RADIUS security system is a distributed client/server system that secures networks against unauthorized access. In the Cisco implementation, RADIUS clients run on Cisco devices and send authentication
More informationHPE IMC UAM Device User Authentication Configuration Examples
HPE IMC UAM Device User Authentication Configuration Examples Part Number: 5200-1375 Software version: IMC UAM 7.2 (E0403) Document version: 2 The information in this document is subject to change without
More informationWith 802.1X port-based authentication, the devices in the network have specific roles.
This chapter contains the following sections: Information About 802.1X, page 1 Licensing Requirements for 802.1X, page 9 Prerequisites for 802.1X, page 9 802.1X Guidelines and Limitations, page 9 Default
More informationChapter 4 Configuring 802.1X Port Security
Chapter 4 Configuring 802.1X Port Security Overview HP devices support the IEEE 802.1X standard for authenticating devices attached to LAN ports. Using 802.1X port security, you can configure an HP device
More informationAccess Service Security
CHAPTER 4 Access Service Security The access service security paradigm presented in this guide uses the authentication, authorization, and accounting (AAA) facility: Authentication requires dial-in users
More informationConfiguring TACACS+ Information About TACACS+ Send document comments to CHAPTER
4 CHAPTER This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on NX-OS devices. This chapter includes the following sections: Information
More informationSymbols INDEX. <cr> baud rates? command xiv. transmit line speed, configuring. buffers. XRemote size TR-224 busy-message command
INDEX Symbols B xv baud rates? command xiv transmit line speed, configuring TR-208 buffers A XRemote size TR-224 busy-message command TR-17 absolute-timeout command TR-2 access-class (LAT) command
More informationAAA Server Groups. Finding Feature Information. Information About AAA Server Groups. AAA Server Groups
Configuring a device to use authentication, authorization, and accounting (AAA) server groups provides a way to group existing server hosts. Grouping existing server hosts allows you to select a subset
More information802.1x Configuration. Page 1 of 11
802.1x Configuration Page 1 of 11 Contents Chapter1 Configuring 802.1X...3 1.1 Brief Introduction to 802.1X Configuration... 3 1.1.1 Architecture of 802.1X...3 1.1.2 Rule of 802.1x... 5 1.1.3 Configuring
More informationUser Databases. ACS Internal Database CHAPTER
CHAPTER 12 The Cisco Secure Access Control Server Release 4.2, hereafter referred to as ACS, authenticates users against one of several possible databases, including its internal database. You can configure
More informationHPE IMC UAM 802.1X Authentication Configuration Examples
HPE IMC UAM 802.1X Authentication Configuration Examples Part Number: 5200-1365 Software version: IMC UAM 7.2 (E0403) Document version: 2 The information in this document is subject to change without notice.
More informationConfiguring IEEE 802.1X Port-Based Authentication
CHAPTER 44 This chapter describes how to configure IEEE 802.1X port-based authentication to prevent unauthorized devices (clients) from gaining access to the network. Note For complete syntax and usage
More informationOperation Manual Login and User Interface. Table of Contents
Table of Contents Table of Contents Chapter 1 Switch Login... 1-1 1.1 Setting Up Configuration Environment Through the Console Port... 1-1 1.2 Setting Up Configuration Environment Through Telnet... 1-2
More informationVendor-Proprietary Attribute
RADIUS s The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended
More informationConfiguring Switch Security
CHAPTER 9 The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. The Cisco MDS 9020 Fabric Switch
More informationConfiguring Authorization
The AAA authorization feature is used to determine what a user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user s profile, which
More informationCisco IOS Firewall Authentication Proxy
Cisco IOS Firewall Authentication Proxy This feature module describes the Cisco IOS Firewall Authentication Proxy feature. It includes information on the benefits of the feature, supported platforms, configuration
More informationLogin management commands
Contents Login management commands 1 CLI login configuration commands 1 display telnet client configuration 1 telnet 1 telnet ipv6 2 telnet server enable 3 User interface configuration commands 3 acl (user
More informationThe MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to
The feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between
More informationHP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)
HP MSR Router Series Layer 2 - WAN Access Configuration Guide(V7) Part number: 5998-6465 Software version: CMW710-R0106 Document version: 6PW101-20140807 Legal and notice information Copyright 2014 Hewlett-Packard
More informationREMOTE AUTHENTICATION DIAL IN USER SERVICE
AAA / REMOTE AUTHENTICATION DIAL IN USER SERVICE INTRODUCTION TO, A PROTOCOL FOR AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SERVICES Peter R. Egli INDIGOO.COM 1/12 Contents 1. AAA - Access Control 2.
More informationCisco Transport Manager Release 9.2 Basic External Authentication
Cisco Transport Manager Release 9.2 Basic External Authentication August 23, 2010 This document describes the basic external authentication functionality in Cisco Transport Manager (CTM) Release 9.2. Contents
More informationOperation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 SSH Overview... 1-1 1.2 Configuring the SSH Server... 1-5 1.2.1 Enabling SSH Server... 1-5 1.2.2 Configuring the Protocols for the SSH Client User Interface
More informationRADIUS Logical Line ID
The feature, also known as the Logical Line Identification (LLID) Blocking feature enables administrators to track their customers on the basis of the physical lines on which customer calls originate.
More informationConfiguring Client-Initiated Dial-In VPDN Tunneling
Configuring Client-Initiated Dial-In VPDN Tunneling Client-initiated dial-in virtual private dialup networking (VPDN) tunneling deployments allow remote users to access a private network over a shared
More informationTable of Contents 1 SSH Configuration 1-1
Table of Contents 1 SSH Configuration 1-1 SSH Overview 1-1 Introduction to SSH 1-1 Algorithm and Key 1-1 Asymmetric Key Algorithm 1-2 SSH Operating Process 1-2 Configuring the SSH Server 1-4 SSH Server
More informationTerminal Services Commands translate lat
translate lat translate lat To translate a connection request to another protocol connection type when receiving a local-area transport (LAT) request, use the translate lat command in global configuration
More informationConfiguring Web-Based Authentication
This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure
More informationRADIUS for Multiple UDP Ports
RADIUS security servers are identified on the basis of their hostname or IP address, hostname and specific UDP port numbers, or IP address and specific UDP port numbers. The combination of the IP address
More informationAAA Administration. Setting up RADIUS. Information About RADIUS
Setting up RADIUS, page 1 Setting up TACACS+, page 26 Maximum Local Database Entries, page 37 Information About Configuring Maximum Local Database Entries, page 37 Configuring Maximum Local Database Entries
More informationConfiguring Security Features on an External AAA Server
CHAPTER 3 Configuring Security Features on an External AAA Server The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access to, and tracks the actions of users
More informationConfiguring Authentication Proxy
The Cisco IOS Firewall Authentication Proxy feature provides dynamic, per-user authentication and authorization, authenticating users against industry standard TACACS+ and RADIUS authentication protocols.
More informationRequest for Comments: 4072 Category: Standards Track Lucent Technologies G. Zorn Cisco Systems August 2005
Network Working Group Request for Comments: 4072 Category: Standards Track P. Eronen, Ed. Nokia T. Hiller Lucent Technologies G. Zorn Cisco Systems August 2005 Diameter Extensible Authentication Protocol
More informationConfiguring RADIUS and TACACS+
28 CHAPTER The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches
More information