Radius-Server Domain-Stripping Enhancements
|
|
- Caroline Ramsey
- 5 years ago
- Views:
Transcription
1 Radius-Server Domain-Stripping Enhancements Feature History Release 12.2(15)B Modification This feature was introduced on the Cisco 7200 series and Cisco 7400 ASR. This document describes the Radius-Server Domain-Stripping Enhancements feature in Cisco IOS Release 12.2(15)B. It includes the following sections: Feature Overview, page 1 Supported Platforms, page 2 Supported Standards, MIBs, and RFCs, page 2 Configuration Tasks, page 3 Configuration Examples, page 4 Command Reference, page 5 Feature Overview The Radius-Server Domain-Stripping Enhancements feature introduces two new configuration options to the radius-server domain-stripping command the right-to-left and delimiter options. Before this feature, whenever the radius-server domain-stripping command was enabled, the authentication, authorization, and accounting (AAA) username format user@company.com could be sent to remote RADIUS servers only in the reformatted username user. (That is, the reformatted username was formed from the original string but terminated at the character going from left to right.) This functionality limited the choice of usernames if there were more than character within the string. It also limited the domain delimiter to character because any other possible characters (such as the % character) could not be used. The right-to-left and delimiter options address these limitations in the following ways: The right-to-left option parses the username in the reverse direction (from right to left) so that the username user@company.com can also be sent in AAA requests. The delimiter option configures a combination of characters (@, $,%, /, -, and \) to be the set if domain delimiter characters. Any of domain delimiters in the configured subset can be recognized, but whichever character comes first when searching the original username string is recognized first. 1
2 Supported Platforms Radius-Server Domain-Stripping Enhancements Benefits This feature introduces support for the following two variations of a AAA username: The right-to-left option, which configures a username with multiple domain delimiters The delimiter option, which configures a username with domain delimiters other than character. Related Documents For information on additional RADIUS commands and RADIUS configurations tasks, refer to the following documents: The chapter Configuring RADIUS in the Cisco IOS Security Configuration Guide, Release 12.2 The chapter RADIUS Commands in the Cisco IOS Security Command Reference, Release 12.2 For information on enabling VRF-aware domain-stripping, refer to the following document: Per VRF AAA, Cisco IOS feature module Release 12.2(4)B Supported Platforms Cisco 7200 series Cisco 7400 series Availability of Cisco IOS Software Images Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator. Supported Standards, MIBs, and RFCs Standards None MIBs None To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: 2
3 Radius-Server Domain-Stripping Enhancements Configuration Tasks If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL: To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank to cco-locksmith@cisco.com. An automatic check will verify that your address is registered with Cisco.com. If the check is successful, account details with a new random password will be ed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL: RFCs None Configuration Tasks See the following sections for configuration tasks for the Radius-Server Domain-Stripping Enhancements feature. Each task in the list is identified as either required or optional. Configuring Right-to-Left Support (required) Configuring Delimiter Support (required) Verifying Right-to-Left and Delimiter Configurations (optional) Configuring Right-to-Left Support To enable the right-to-left option to support a username with multiple domain delimiters, use the following command in global configuration mode: Command Router (config)# radius-server domain-stripping [right-to-left] [vrf vrf-name] Purpose Enables domain-stripping. right-to-left Parses the username in reverse direction (from right to left). vrf vrf-name Specifies the per-vrf configuration. This option works for VRF users and non-vrf users. This option works independently from the delimiter option. 3
4 Configuration Examples Radius-Server Domain-Stripping Enhancements Configuring Delimiter Support To enable the delimiter option to support a username with domain delimiters other than character, use the following command in global configuration mode: Command Router (config)# radius-server domain-stripping [right-to-left] [vrf vrf-name] Purpose Enables domain-stripping. delimiter string1[string2... string7] Configures a character or combination of characters to be the domain delimiter character set. Available character options #, $,%, /, -, and \. vrf vrf-name Specifies the per-vrf configuration. This option works for VRF users and non-vrf users. This option works independently from the right-to-left option. Verifying Right-to-Left and Delimiter Configurations To verify feature functionality, use the following command in EXEC mode: Command Router# debug radius Purpose Checks whether the reformatted username attribute is sent to the RADIUS server in authentication and accounting requests. Configuration Examples This section provides the following configuration examples: Right-to-Left Configuration Example Delimiter Character Set Example Right-to-Left Configuration Example The following example shows a configuration that strips the domain name from the VRF abc and strips the domain name from right to left for the non-vrf and VRF def. In this example, VRF abc has the original username user1@abc.com.@isp.net, and the reformatted version user1 will be used in requests that are sent to RADIUS servers. The non-vrf has the username user2@isp.com@isp.net, and the reformatted version user2@isp.com will be used. VRF def has the original format user3@def.com@isp.net, and the reformatted version user3@def.com will be used. radius-server domain-stripping vrf abc radius-server domain-stripping right-to-left radius-server domain-stripping right-to-left vrf def 4
5 Radius-Server Domain-Stripping Enhancements Command Reference Delimiter Character Set Example The following example shows a configuration that strips the domain name from the VRF abc, strips the domain name from VRF def at the % string, and strips the domain name from the VRF ghi from right to left at the delimiter character $, /: radius-server domain-stripping vrf abc radius-server domain-stripping delimiter % vrf def radius-server domain-stripping right-to-left vrf ghi After the domain stripping is complete, the corresponding usernames are sent to the RADIUS server as described in Table 1. Table 1 radius-server domain-stripping Reformatted Username Examples Original Username user1@abc.com@isp.net%mfxxx user1@def.com@isp.net%mfxxx user1@ghi.com@isp.net%mfxxx Reformatted Username user1 user1@def.com@isp.net user1@ghi.com Command Reference This section documents a new command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications. radius-server domain-stripping 5
6 radius-server domain-stripping Radius-Server Domain-Stripping Enhancements radius-server domain-stripping To enable domain stripping, use the radius-server domain-stripping command in global configuration mode. To remove this command from your configuration, use the no form of this command. radius-server domain-stripping [right-to-left] [delimiter string1, [string2... string7]] [vrf vrf-name] no radius-server domain-stripping [right-to-left] [delimiter string1, [string2... string7]] [vrf vrf-name] Syntax Description right-to-left delimiter string1, [string2... string7] vrf vrf-name (Optional) Parses the username in reverse direction (from right to left). (Optional) Configures a character or combination of characters to be the domain delimiter character set. Available character options #, $,%, /, -, and \. Do not put the \ string as the final character unless it is the only character string being used. (Optional) Specifies the per-vrf configuration. Defaults RADIUS server domain-stripping is not configured. The username is parsed from left to right. The default delimiter string Command Modes Global configuration Command History Release 12.2(2)DD 12.2(4)B 12.2(15)B Modification This command was introduced. This command was integrated into Cisco IOS Release 12.2(4)B. The right-to-left and delimiter string1, [string2... string7] options were added. Usage Guidelines Use the radius-server domain-stripping command to strip or truncate the domain from a username. For example, if the username is user1@cisco.com and the radius-server domain-stripping command is configured, only user1 is sent out as the username. When the right-to-left keyword is configured, the username is parsed in the reverse direction. For example, if this keyword is not enabled, user is the only available username for user@company.com@isp.net. However, if this keyword is enabled, the username user@company.com. can also be sent in authentication, authorization, and accounting (AAA) requests. When the delimiter string1, [string2... string7] option is configured, a character set of domain delimiters is configured in the username. Any of domain delimiters in the configured subset can be recognized, but whichever character comes first when searching the original username string is recognized first. 6
7 Radius-Server Domain-Stripping Enhancements radius-server domain-stripping The right-to-left and delimiter keywords work for VRF and non-vrf users. Also, each keyword works independently of each other. When the vrf vrf-name option is configured, domain stripping applies only to the specified VRF. Examples The following example shows a configuration that strips the domain name from the VRF abc and strips the domain name from right to left for the non-vrf and VRF def. In this example, VRF abc has the original username user1@abc.com.@isp.net, and the reformatted version user1 will be used in requests that are sent to RADIUS servers. The non-vrf has the username user2@isp.com@isp.net, and the reformatted version user2@isp.com will be used. VRF def has the original format user3@def.com@isp.net, and the reformatted version user3@def.com will be used. radius-server domain-stripping vrf abc radius-server domain-stripping right-to-left radius-server domain-stripping right-to-left vrf def The following example shows a configuration that strips the domain name from the VRF abc, strips the domain name from VRF def at the % string, and strips the domain name from the VRF ghi from right to left at the delimiter character $, /: radius-server domain-stripping vrf abc radius-server domain-stripping delimiter % vrf def radius-server domain-stripping right-to-left vrf ghi After the domain stripping is complete, the corresponding usernames are sent to the RADIUS server as follows: Original Username user1@abc.com@isp.net%mfxxx user1@def.com@isp.net%mfxxx user1@ghi.com@isp.net%mfxxx Reformatted Username user1 user1@def.com@isp.net user1@ghi.com 7
8 radius-server domain-stripping Radius-Server Domain-Stripping Enhancements 8
VLAN Range. Feature Overview
VLAN Range Feature History Release 12.0(7)XE 12.1(5)T 12.2(2)DD 12.2(4)B 12.2(8)T 12.2(13)T Modification The interface range command was introduced. The interface range command was integrated into Cisco
More informationVLAN Range. Feature Overview
VLAN Range Feature History Release 12.0(7)XE 12.1(5)T 12.2(2)DD Modification The interface range command was introduced. The interface range command was integrated into Cisco IOS Release 12.1(5)T. The
More informationSignaling IS-IS When dcef Is Disabled
Signaling IS-IS When dcef Is Disabled Feature History Release 12.0(10)S 12.0(10)ST Modification This feature was introduced. This command was integrated into T. This feature module describes the Signaling
More informationPre-Fragmentation for IPSec VPNs
Pre-Fragmentation for IPSec VPNs Feature History Release 12.1(11b)E 12.2(13)T 12.2(14)S Modification This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(13)T. This feature
More informationRADIUS Route Download
The feature allows users to configure their network access server (NAS) to direct RADIUS authorization. Finding Feature Information, page 1 Prerequisites for, page 1 Information About, page 1 How to Configure,
More informationRPR+ on Cisco 7500 Series Routers
RPR+ on Cisco 7500 Series Routers Feature History 12.0(19)ST1 12.0(22)S 12.2(14)S This feature was introduced. This feature was integrated into Cisco IOS Release 12.0(22)S. This feature was integrated
More informationRestrictions for Secure Copy Performance Improvement
The Protocol (SCP) feature provides a secure and authenticated method for copying router configuration or router image files. SCP relies on Secure Shell (SSH), an application and a protocol that provide
More informationUniversal Port Resource Pooling for Voice and Data Services
Universal Port Resource Pooling for Voice and Data Services Feature History Release 12.2(2)XA 12.2(2)XB1 12.2(11)T Description This feature was introduced on the Cisco AS5350 and AS5400. This feature was
More informationConfiguring Local Authentication and Authorization
Configuring Local Authentication and Authorization Finding Feature Information, page 1 How to Configure Local Authentication and Authorization, page 1 Monitoring Local Authentication and Authorization,
More informationMPLS VPN ID. Feature Overview. This feature was introduced. Support for this feature was integrated into Cisco IOS Release 12.2(4)B.
MPLS VPN ID Feature History Release 12.0(17)ST 12.2(4)B Modification This feature was introduced. Support for this feature was integrated into. This document describes the MPLS VPN ID feature in and includes
More informationEncrypted Vendor-Specific Attributes
The feature provides users with a way to centrally manage filters at a RADIUS server and supports the following types of string vendor-specific attributes (VSAs): Tagged String VSA, on page 2 (similar
More informationThis feature was introduced.
Feature History Release 12.2(11)T Modification This feature was introduced. This document describes the QSIG for TCL IVR (Tool Language Interactive Voice Response) 2.0 feature in and includes the following
More informationAAA Authorization and Authentication Cache
AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication
More informationDHCP Server Port-Based Address Allocation
The feature provides port-based address allocation support on the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server for the Ethernet platform. The DHCP server provides address assignment support
More informationRADIUS Logical Line ID
RADIUS Logical Line ID Feature History for RADIUS Logical Line ID Release Modification 12.2(13)T This feature was introduced. 12.2(15)B This feature was integrated into Cisco IOS Release 12.2(15)B. 12.2(27)SBA
More informationIEEE 802.1X Multiple Authentication
The feature provides a means of authenticating multiple hosts on a single port. With both 802.1X and non-802.1x devices, multiple hosts can be authenticated using different methods. Each host is individually
More informationHTTP 1.1 Web Server and Client
The feature provides a consistent interface for users and applications by implementing support for HTTP 1.1 in Cisco IOS XE software-based devices. When combined with the HTTPS feature, the feature provides
More informationAAA Dead-Server Detection
The feature allows you to configure the criteria to be used to mark a RADIUS server as dead. If no criteria are explicitly configured, the criteria are computed dynamically on the basis of the number of
More informationEncrypted Vendor-Specific Attributes
Encrypted Vendor-Specific Attributes Last Updated: January 15, 2012 The Encrypted Vendor-Specific Attributes feature provides users with a way to centrally manage filters at a RADIUS server and supports
More informationFPG Endpoint Agnostic Port Allocation
When the Endpoint Agnostic Port Allocation feature is configured, an entry is added to the Symmetric Port Database. If the entry is already available, the port listed in the Symmetric Port Database is
More informationDHCP Relay MPLS VPN Support
DHCP Relay MPLS VPN Support Feature History Release 12.2(4)B 12.2(8)T 12.2(13)T 12.2(27)SBA Modification This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(8)T The feature
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring Secure Shell, on page 2 Information About Configuring Secure Shell, on page 2 How
More informationMPLS Traffic Engineering (TE) Configurable Path Calculation Metric for Tunnels
MPLS Traffic Engineering (TE) Configurable Path Calculation Metric for Tunnels Feature History Release 12.0(18)ST 12.2(11)S 12.0(22)S Modification This feature was introduced. This feature was integrated
More informationYou can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource
The feature enables the configuration of a Virtual Private Network (VPN) routing and forwarding instance (VRF) table so that the domain name system (DNS) can forward queries to name servers using the VRF
More informationThe MSCHAP Version 2 feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to
The feature (introduced in Cisco IOS Release 12.2(2)XB5) allows Cisco routers to utilize Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) authentication for PPP connections between
More informationImplementing Secure Shell
Implementing Secure Shell Secure Shell (SSH) is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures sessions using standard cryptographic mechanisms,
More informationPPPoE Client DDR Idle Timer
The feature supports the dial-on-demand routing (DDR) interesting traffic control list functionality of the dialer interface with a PPP over Ethernet (PPPoE) client, but also keeps original functionality
More informationConfiguring Secure Shell (SSH)
Starting with Cisco IOS XE Denali 16.3.1, Secure Shell Version 1 (SSHv1) is deprecated. Finding Feature Information, on page 1 Prerequisites for Configuring Secure Shell, on page 1 Restrictions for Configuring
More informationConfiguring Embedded Resource Manager-MIB
The Embedded Resource Manager (ERM)-MIB feature introduces MIB support for the ERM feature. The ERM feature tracks resource usage information for every registered resource owner and resource user. The
More informationDHCP Server Port-Based Address Allocation
DHCP Server Port-Based Address Allocation Finding Feature Information DHCP Server Port-Based Address Allocation Last Updated: July 04, 2011 First Published: June 4, 2010 Last Updated: Sept 9, 2010 The
More informationNetFlow Multiple Export Destinations
Feature History Release 12.0(19)S 12.0(19)ST 12.2(2)T 12.2(14)S Modification This feature was introduced on the Cisco 12000 Internet router. This feature was integrated into Cisco IOS Release 12.0(19)ST.
More informationWCCPv2 and WCCP Enhancements
WCCPv2 and WCCP Enhancements Release 12.0(11)S June 20, 2000 This feature module describes the Web Cache Communication Protocol (WCCP) Enhancements feature and includes information on the benefits of the
More informationMatch-in-VRF Support for NAT
The feature supports Network Address Translation (NAT) of packets that communicate between two hosts within the same VPN routing and forwarding (VRF) instance. In intra-vpn NAT, both the local and global
More informationConfiguring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon
Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon Intelligent Services Gateway (ISG) is a Cisco software feature set that provides a structured framework in which
More information1-Port DSU/CSU T1 WIC for the Cisco 1700, Cisco 2600, Cisco 3600, and Cisco 3700 Series Routers
1-Port DSU/CSU T1 WIC for the Cisco 1700, Cisco 2600, Cisco 3600, and Cisco 3700 Series Routers Feature History Release Modification 11.2 This feature was introduced on the Cisco 1600 series and Cisco
More informationIPsec Dead Peer Detection Periodic Message Option
IPsec Dead Peer Detection Periodic Message The IPsec Dead Peer Detection Periodic Message feature is used to configure the router to query the liveliness of its Internet Key Exchange (IKE) peer at regular
More informationDMVPN Event Tracing. Finding Feature Information
The feature provides a trace facility for troubleshooting Cisco IOS Dynamic Multipoint VPN (DMVPN). This feature enables you to monitor DMVPN events, errors, and exceptions. During runtime, the event trace
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 3 How to Configure SSH, page 5 Monitoring
More informationOSPFv2 Local RIB. Finding Feature Information
With the feature, each OSPF protocol instance has its own local Routing Information Base (RIB). The OSPF local RIB serves as the primary state for OSPF SPF route computation. The global RIB is not updated
More informationPer-User ACL Support for 802.1X/MAB/Webauth Users
Per-User ACL Support for 802.1X/MAB/Webauth Users This feature allows per-user ACLs to be downloaded from the Cisco Access Control Server (ACS) as policy enforcement after authentication using IEEE 802.1X,
More informationPassword Strength and Management for Common Criteria
Password Strength and Management for Common Criteria The Password Strength and Management for Common Criteria feature is used to specify password policies and security mechanisms for storing, retrieving,
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information about SSH, page 2 How to Configure SSH, page 5 Monitoring
More informationDHCP Server RADIUS Proxy
The Dynamic Host Configuration Protocol (DHCP) Server RADIUS Proxy is a RADIUS-based address assignment mechanism in which a DHCP server authorizes remote clients and allocates addresses based on replies
More informationRSVP Support for RTP Header Compression, Phase 1
RSVP Support for RTP Header Compression, Phase 1 The Resource Reservation Protocol (RSVP) Support for Real-Time Transport Protocol (RTP) Header Compression, Phase 1 feature provides a method for decreasing
More informationConfiguring User Accounts and RBAC
6 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and
More informationDHCP ODAP Server Support
DHCP ODAP Server Support The DHCP ODAP Server Support feature introduces the capability to configure a Cisco IOS Dynamic Host Configuration Protocol (DHCP) server (or router) as a subnet allocation server.
More informationIEEE 802.1X RADIUS Accounting
The feature is used to relay important events to the RADIUS server (such as the supplicant's connection session). The information in these events is used for security and billing purposes. Finding Feature
More informationGeneric Transparency Descriptor for GKTMP Using SS7 Interconnect for Voice Gateways Version 2.0
Generic Transparency Descriptor for GKTMP Using SS7 Interconnect for Voice Gateways Version 20 Feature History Release 122(2)XU Modification This feature was introduced This document describes the Generic
More informationConfiguring Authorization
The AAA authorization feature is used to determine what a user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user s profile, which
More informationibgp Multipath Load Sharing
ibgp Multipath Load haring Feature History Release 12.2(2)T 12.2(14) Modification This feature was introduced. This feature was integrated into. This feature module describes the ibgp Multipath Load haring
More informationPrerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+)
Finding Feature Information, page 1 Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+), page 1 Information About TACACS+, page 3 How to Configure
More informationPT Activity: Configure AAA Authentication on Cisco Routers
PT Activity: Configure AAA Authentication on Cisco Routers Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask R1 Fa0/0 192.168.1.1 255.255.255.0 S0/0/0 10.1.1.2
More informationConfiguring TACACS. Finding Feature Information. Prerequisites for Configuring TACACS
TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ provides detailed accounting information and flexible
More informationSecure Shell Configuration Guide, Cisco IOS XE Everest 16.6
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the Switch for SSH, page 2 Information
More informationExclusive Configuration Change Access and Access Session Locking
Exclusive Configuration Change Access and Access Session Locking Exclusive Configuration Change Access (also called the Configuration Lock feature) allows you to have exclusive change access to the Cisco
More informationConstraining IP Multicast in a Switched Ethernet Network
Constraining IP Multicast in a Switched Ethernet Network This module describes how to configure routers to use the Cisco Group Management Protocol (CGMP) in switched Ethernet networks to control multicast
More informationConfiguring the Physical Subscriber Line for RADIUS Access and Accounting
Configuring the Physical Subscriber Line for RADIUS Access and Accounting Configuring a physical subscriber line for RADIUS Access and Accounting enables an L2TP access concentrator (LAC) and an L2TP network
More informationEIGRP Support for Route Map Filtering
The feature enables Enhanced Interior Gateway Routing Protocol (EIGRP) to interoperate with other protocols to leverage additional routing functionality by filtering inbound and outbound traffic based
More informationIEEE 802.1X Open Authentication
allows a host to have network access without having to go through IEEE 802.1X authentication. Open authentication is useful in an applications such as the Preboot Execution Environment (PXE), where a device
More informationTransferring Files Using HTTP or HTTPS
Cisco IOS Release 12.4 provides the ability to transfer files between your Cisco IOS software-based device and a remote HTTP server using the HTTP or HTTP Secure (HTTPS) protocol. HTTP and HTTPS can now
More informationMPLS VPN Carrier Supporting Carrier
MPLS VPN Carrier Supporting Carrier Feature History Release 12.0(14)ST 12.0(16)ST 12.2(8)T 12.0(21)ST 12.0(22)S 12.0(23)S Modification This feature was introduced in Cisco IOS Release 12.0(14)ST. Support
More informationConfiguring Secure Shell
Configuring Secure Shell Last Updated: October 24, 2011 The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures
More informationConfiguring Secure Shell (SSH)
Finding Feature Information, page 1 Prerequisites for Configuring the Switch for Secure Shell (SSH) and Secure Copy Protocol (SCP), page 1 Restrictions for Configuring the ControllerDevice for SSH, page
More informationHTTP 1.1 Web Server and Client
HTTP 1.1 Web Server and Client Last Updated: October 12, 2011 The HTTP 1.1 Web Server and Client feature provides a consistent interface for users and applications by implementing support for HTTP 1.1
More informationConfiguring a Basic Wireless LAN Connection
This module describes how to configure a wireless LAN (WLAN) connection between a wireless device, such as a laptop computer or mobile phone, and a Cisco 800, 1800 (fixed and modular), 2800, or 3800 series
More informationAutosense for ATM PVCs and MUX SNAP Encapsulation
Autosense for ATM PVCs and MUX SNAP Encapsulation The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE) over
More informationCisco Voice Applications OID MIB
Cisco Voice Applications OID MIB The Cisco Voice Applications OID MIB (ciscovoiceapplicationsoidmib) defines the object identifiers (OIDs) that are assigned to various Cisco voice applications, such as
More informationOSP URL Command Change
OSP URL Command Change Feature History Release 12.2(2)XU Modification This feature was introduced. This document describes the OSP URL Command Change feature in and includes the following sections: Feature
More informationHTTP 1.1 Web Server and Client
HTTP 1.1 Web Server and Client Finding Feature Information HTTP 1.1 Web Server and Client Last Updated: June 01, 2011 The HTTP 1.1 Web Server and Client feature provides a consistent interface for users
More informationMemory Threshold Notifications
The feature allows you to reserve memory for critical notifications and to configure a router to issue notifications when available memory falls below a specified threshold. Finding Feature Information,
More informationRADIUS Change of Authorization
The (CoA) feature provides a mechanism to change the attributes of an authentication, authorization, and accounting (AAA) session after it is authenticated. When a policy changes for a user or user group
More informationConfiguring Secure Shell (SSH)
Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information About Configuring Secure Shell, page 2 How to Configure Secure Shell, page 4 Monitoring
More informationConfiguring User Accounts and RBAC
7 CHAPTER This chapter describes how to configure user accounts and role-based access control (RBAC) on NX-OS devices. This chapter includes the following sections: Information About User Accounts and
More informationImplementing Management Plane Protection
The Management Plane Protection (MPP) feature in Cisco IOS XR software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature
More informationSecure Shell Version 2 Support
Secure Shell Version 2 Support Last Updated: January 16, 2012 The Secure Shell Version 2 Support feature allows you to configure Secure Shell (SSH) Version 2. SSH runs on top of a reliable transport layer
More informationCisco IOS Login Enhancements-Login Block
The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service
More informationIEEE 802.1X with ACL Assignments
The feature allows you to download access control lists (ACLs), and to redirect URLs from a RADIUS server to the switch, during 802.1X authentication or MAC authentication bypass of the host. It also allows
More informationMultiprotocol Label Switching (MPLS) on Cisco Routers
Multiprotocol Label Switching (MPLS) on Cisco Routers Feature History Release 11.1CT 12.1(3)T 12.1(5)T 12.0(14)ST 12.0(21)ST 12.0(22)S Modification The document introduced MPLS and was titled Tag Switching
More informationVPDN Group Session Limiting
VPDN Group Session Limiting Feature History Release 12.2(1)DX 12.2(2)DD 12.2(4)B 12.2(27)SB Modification This feature was introduced. This feature was integrated into Cisco IOS Release 12.2(2)DD. This
More informationRemote Access MPLS-VPNs
First Published: August 12, 2002 Last Updated: May 4, 2009 The feature allows the service provider to offer a scalable end-to-end Virtual Private Network (VPN) service to remote users. This feature integrates
More informationPPPoE Session Limit per NAS Port
PPPoE Session Limit per NAS Port First Published: March 17, 2003 Last Updated: February 28, 2006 The PPPoE Session Limit per NAS Port feature enables you to limit the number of PPP over Ethernet (PPPoE)
More informationCisco MICA Modem Dial Modifiers for Cisco AS5300 and AS5800 Universal Access Servers
Cisco MICA Modem Dial Modifiers for Cisco AS5300 and AS5800 Universal Access Servers June 22, 2001 This feature module describes dial modifier support for Cisco MICA modems through enhanced Cisco MICA
More informationRADIUS Logical Line ID
The feature, also known as the Logical Line Identification (LLID) Blocking feature enables administrators to track their customers on the basis of the physical lines on which customer calls originate.
More informationArea Command in Interface Mode for OSPFv2
This document describes how to enable Open Shortest Path First version 2 (OSPFv2) on a per-interface basis to simplify the configuration of unnumbered interfaces. The ip ospf area command allows you to
More informationtacacs-server administration through title-color
tacacs-server administration through title-color tacacs server, page 4 tacacs-server administration, page 6 tacacs-server directed-request, page 7 tacacs-server dns-alias-lookup, page 9 tacacs-server domain-stripping,
More informationConfiguring IP SLAs TCP Connect Operations
This module describes how to configure an IP Service Level Agreements (SLAs) TCP Connect operation to measure the response time taken to perform a TCP Connect operation between a Cisco router and devices
More informationRADIUS Tunnel Attribute Extensions
The feature allows a name to be specified (other than the default) for the tunnel initiator and the tunnel terminator in order to establish a higher level of security when setting up VPN tunneling. Finding
More informationImplementing Management Plane Protection on Cisco IOS XR Software
Implementing Management Plane Protection on Cisco IOS XR Software The Management Plane Protection (MPP) feature in Cisco IOS XR software provides the capability to restrict the interfaces on which network
More informationBGP Enforce the First Autonomous System Path
BGP Enforce the First Autonomous System Path The BGP Enforce the First Autonomous System Path feature is used to configure a Border Gateway Protocol (BGP) routing process to discard updates received from
More informationConfiguring TACACS+ Information About TACACS+ Send document comments to CHAPTER
4 CHAPTER This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on NX-OS devices. This chapter includes the following sections: Information
More informationConfiguring Authentication, Authorization, and Accounting
Configuring Authentication, Authorization, and Accounting This chapter contains the following sections: Information About AAA, page 1 Prerequisites for Remote AAA, page 5 Guidelines and Limitations for
More informationImplementing RIP for IPv6
Implementing RIP for IPv6 This module describes how to configure Routing Information Protocol for IPv6. RIP is a distance-vector routing protocol that uses hop count as a routing metric. RIP is an Interior
More informationIP Overlapping Address Pools
The feature improves flexibility in assigning IP addresses dynamically. This feature allows you to configure overlapping IP address pool groups to create different address spaces and concurrently use the
More informationCisco Mobile Networks Tunnel Templates for Multicast
Cisco Mobile Networks Tunnel Templates for Multicast The Cisco Mobile Networks--Tunnel Templates for Multicast feature allows the configuration of multicast on statically created tunnels to be applied
More informationBGP NSF Awareness. Finding Feature Information
Nonstop Forwarding (NSF) awareness allows a device to assist NSF-capable neighbors to continue forwarding packets during a Stateful Switchover (SSO) operation. The feature allows an NSF-aware device that
More informationOSPF Limit on Number of Redistributed Routes
Open Shortest Path First (OSPF) supports a user-defined maximum number of prefixes (routes) that are allowed to be redistributed into OSPF from other protocols or other OSPF processes. Such a limit could
More informationRADIUS NAS-IP-Address Attribute Configurability
RADIUS NAS-IP-Address Attribute The RADIUS NAS-IP-Address Attribute feature allows you to configure an arbitrary IP address to be used as RADIUS attribute 4, NAS-IP-Address, without changing the source
More informationFirewall Authentication Proxy for FTP and Telnet Sessions
Firewall Authentication Proxy for FTP and Telnet Sessions Last Updated: January 18, 2012 Before the introduction of the Firewall Authentication Proxy for FTP and Telnet Sessions feature, users could enable
More informationOSPF Incremental SPF
OSPF Incremental SPF The Open Shortest Path First (OSPF) protocol can be configured to use an incremental SPF algorithm for calculating the shortest path first routes. Incremental SPF is more efficient
More information