Contents
AAA configuration ······················································································································································· 1
AAA overview ··································································································································································· 1
RADIUS ······································································································································································ 2
HWTACACS ····························································································································································· 7
Domain-based user management ··························································································································· 9
AAA across MPLS L3VPNs ··································································································································· 11
Protocols and standards ······································································································································· 11
RADIUS attributes ·················································································································································· 12
Configuring AAA schemes ············································································································································ 16
Configuring local users ········································································································································· 16
Configuring RADIUS schemes ······························································································································ 20
Configuring HWTACACS schemes ····················································································································· 33
Configuration prerequisites ·································································································································· 39
Creating an ISP domain ······································································································································· 39
Tearing down user connections ···································································································································· 45
Configuring a RADIUS user ·································································································································· 47
Specifying a RADIUS client ·································································································································· 48
Displaying and maintaining AAA ································································································································ 48
AAA configuration examples ········································································································································ 49
Troubleshooting AAA ···················································································································································· 75
Troubleshooting RADIUS ······································································································································· 75
Troubleshooting HWTACACS ······························································································································ 76
802.1X fundamentals ················································································································································ 77
802.1X architecture ······················································································································································· 77
802.1X-related protocols ·············································································································································· 78
Packet formats ························································································································································ 79
EAP over RADIUS ·················································································································································· 80
Initiating 802.1X authentication ··································································································································· 80
802.1X client as the initiator ································································································································ 80
i