AAA Introduction Chalk Talk

AAA Introduction Chalk Talk: Foundation Concepts
Abhishek Neelakanata

Contents
• Product Overview
• Product License
• Logs and Debugs
• IOS/ASA AAA

Product Overview
• NAC: Cisco Clean Access (CCA), NAC Profiler, NAC Collector, Guest Server
• ACS: Cisco Secure ACS on Windows, ACS SE, ACS Unix, ACS Express
• IOS/FW/ASA AAA: Auth Proxy, 802.1x on switches
• WLSE AAA
• User Registration Tool (URT) (EOL: HW - March 31, 2011; App SW - March 31, 2009)
• Cisco Access Register (CAR)
• Cisco Security Manager ACS integration
• Windows OS: Windows supplicant, CSSC, CCA agent

Product License

Cisco Clean Access (CCA)
• For CAM, CAS, or CAS Failover (HA) licenses: the CAM's eth0 MAC address.
• For the CAM Failover (HA) license only: the eth0 MAC address of the secondary CAM.
• Both licenses are installed via the CAM GUI (/perfigo/control/tomcat/normal-webapps/upload/).

Cisco NAC Profiler Server/Collector
• Standalone Profiler and Collector: the eth0 MAC address of the NAC Profiler Server.
• HA Profiler: submit the eth0 of both the primary and the secondary Profiler.
• HA Collector: the Collector license installed on the primary carries the eth0 of the primary Profiler server; the Collector license installed on the secondary carries the eth0 of the secondary Profiler server.
• Both licenses are installed via the Profiler web GUI (/user/beacon/working/flexlm/).

NAC Guest Server
• The eth0 MAC address of the Cisco NAC Guest Server.

For all devices: the eth0 MAC address must be entered in UPPER CASE (hexadecimal letters capitalized) and without colons (":") between the characters.
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/license.html#wp39000
http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/license.html#wp43373

ACS: purchase contract.
ACS Express: the appliance comes with a preinstalled license.
CSSC license: a 90-day trial license covering both wired and wireless functions. Evaluation license: http://www.cisco.com/go/license/public (WW-LICENSING).
http://www.cisco.com/en/US/docs/wireless/wlan_adapter/secure_client/release/notes/ssc510_RN.html#wp47620

Logs and Debugs

CCA
CAM
• GUI: Administration > CCA Manager > Support Logs
• SSH: tail -f /perfigo/logs/perfigo-log0.log.0
CAS
• GUI: https://<CAS_eth0_IP_address>/admin, then Monitoring > Support Logs
• SSH: tail -f /perfigo/logs/perfigo-redirect-log0.log.0
CCA 4.5: the logs have moved to
• CAM: /perfigo/control/tomcat/logs/nac_manager.log
• CAS: /perfigo/access/tomcat/logs/nac_server.log
For normal operation, the log level should always remain at the default setting: Severe (CCA 4.1 or earlier) or Info (CCA 4.5).

CCA (4.1.x and earlier)

CCA 4.5
• WARN: Records only error and warning level messages for the given category.
• INFO: Provides more details than the ERROR and WARN log levels. For example, if a user logs in successfully, an Info message is logged. This is the default level of logging for the system.
• DEBUG: Records all debug-level logs for the CAM.
• TRACE: The maximum amount of log information available, to help troubleshoot issues with the CAM/CAS.

NAC Profiler
• Navigate through the Profiler GUI to the Utilities tab and select System Summary.
• At the bottom of the System Summary, select Collect technical logs.
NAC GS: http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_logs.html#wp1060357

ACS
ACS for Windows 4.1.3 and earlier:
• Choose System Configuration > Service Control.
• Choose Full for the Level of Detail in the Service Log File Configuration pane.
• Run a few tests that you are certain will fail.
• Run cssupport.exe from C:\Program Files\CiscoSecure ACS v4.1\bin\cssupport.exe. The default location for the package.cab file is \<ACS_install_dir>\Utils\Support.
ACS SE and ACS for Windows (4.1.4 and later):
• In the web interface, choose System Configuration > Support > Run Support Now.
When you return to normal operation, be sure to set the logging level back to Low: choose System Configuration > Service Control.
Level of Detail disables logging or sets the level of logging:
• None—No log file is generated.
• Low—Only start and stop actions are logged. This is the default setting.
• Full—All service actions are logged. Use this option when collecting data for customer support; it gives customer support enough data to research potential issues. Ensure that you have sufficient disk space to handle the log entries.

ACS XP (ACS Express): see the reports guide at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_express/5.0/user/guide/reports.html

CSSC
CSSC LogPackager utility: download Cisco_logpackager-win.x86_1.5.0.1.zip. It captures the following information:
• current end-user technical log contents
• current internal application activity log
• information on the machine's hardware and software environment
http://www.cisco.com/en/US/docs/wireless/wlan_adapter/secure_client/4.2.0/user/guide/sscUserGuide.pdf

IOS debugs
  debug aaa authentication
  debug aaa authorization
  debug aaa accounting
  debug radius
  debug tacacs
  R1#test aaa group radius test test123 new-code
ASA
  ASA# test aaa-server authentication A-RAD host 10.22.22.5 username test password test123

IOS/ASA AAA

Topology (ACS: 10.22.22.5):

  R1 (10.22.22.1) ------------------- (10.22.22.11) ASA (192.1.41.11) -------------- (192.1.41.2) R2

Test scenarios:
• Telnet from R2 to R1
• Telnet from R2 to ASA
• HTTP from R1 to R2

IOS
  R1(config)#aaa new-model
  R1(config)#radius-server host 10.22.22.5 key cisco
Telnet authentication:
  R1(config)#username cisco123 password cisco123
  R1(config)#aaa authentication login R-Telnet group radius local
  R1(config)#line vty 0 4
  R1(config-line)#login authentication R-Telnet

ASA
  ASA(config)#aaa-server A-RAD protocol radius
  ASA(config)#aaa-server A-RAD host 10.22.22.5
  ASA(config-aaa-server-host)# key cisco
Telnet authentication:
  ASA(config)#username admin password admin
  ASA(config)#aaa authentication telnet console A-RAD LOCAL
Auth Proxy:
  ASA(config)#access-list A-AUTH-PROXY extended permit tcp any host 192.1.41.2 eq www
  ASA(config)#access-group A-AUTH-PROXY in interface inside
  ASA(config)#aaa authentication match A-AUTH-PROXY inside A-RAD
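As an added example (not part of the slides), the RADIUS exchange behind "R1#test aaa group radius test test123 new-code" and the shared key set by "radius-server host 10.22.22.5 key cisco", built from RFC 2865: the NAS hides User-Password with the key and checks the Response Authenticator with the same key, so a key mismatch between the NAS and ACS breaks both steps without any packet ever saying "wrong key". The Request Authenticator below is a fixed constructed value; a real NAS uses 16 random bytes.

```python
import hashlib
import struct

# Constructed example. Values follow the slides: shared key "cisco" (radius-server
# host 10.22.22.5 key cisco) and the test user "test" / "test123" sent by
# "R1#test aaa group radius test test123 new-code".
SECRET = b"cisco"
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD = 1, 2

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: NUL-pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def recover_password(hidden, secret, req_auth):
    """Server side: undo the XOR chain. With the wrong secret this yields garbage, not an error."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def tlv(attr_type, value):
    """One RADIUS attribute: Type, Length (including the 2-byte header), Value."""
    return bytes([attr_type, 2 + len(value)]) + value

def build_access_request(ident, req_auth, username, password, secret):
    """What the NAS sends to 10.22.22.5: 4-byte header, 16-byte Request Authenticator, attributes."""
    attrs = tlv(USER_NAME, username) + tlv(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code, ident, req_auth, attrs, secret):
    """RFC 2865 3: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_reply(reply, req_auth, secret):
    """NAS side. RFC 2865 requires a reply with a bad authenticator to be silently discarded,
    so a shared-key mismatch shows up as no usable response rather than an explicit error."""
    header, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    return hashlib.md5(header + req_auth + attrs + secret).digest() == resp_auth
```

Decoding the same request with the wrong secret returns garbage rather than an error, which is why the ACS side can only reject, while the NAS side discards a reply whose authenticator does not verify; "debug radius" is the place to see which of the two is happening.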