Contents
Configuring AAA ························································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
AAA for MPLS L3VPNs ········································································································································· 11
Protocols and standards ······································································································································· 12
RADIUS attributes ·················································································································································· 12
FIPS compliance ····························································································································································· 15
Configuring AAA schemes ············································································································································ 17
Configuring local users ········································································································································· 17
Configuring RADIUS schemes ······························································································································ 21
Configuring HWTACACS schemes ····················································································································· 34
Configuration prerequisites ·································································································································· 41
Creating an ISP domain ······································································································································· 41
Tearing down user connections ···································································································································· 48
Configuring a RADIUS user ·································································································································· 49
Specifying a RADIUS client ·································································································································· 50
Displaying and maintaining AAA ································································································································ 50
AAA configuration examples ········································································································································ 51
Troubleshooting AAA ···················································································································································· 63
Troubleshooting RADIUS ······································································································································· 63
Troubleshooting HWTACACS ······························································································································ 64
802.1X overview ······················································································································································· 65
802.1X architecture ······················································································································································· 65
802.1X-related protocols ·············································································································································· 66
Packet formats ························································································································································ 67
EAP over RADIUS ·················································································································································· 68
Initiating 802.1X authentication ··································································································································· 68
802.1X client as the initiator································································································································ 68
Access device as the initiator ······························································································································· 69
i