AAA Introduction Chalk Talk


1 AAA Introduction Chalk Talk
Foundation Concepts ABHISHEK NEELAKANATA

2 CONTENTS
• Product Overview
• Product License
• Logs and Debugs
• IOS/ASA AAA

3 Product Overview
NAC:
• Cisco Clean Access (CCA)
• NAC Profiler
• NAC Collector
• Guest Server
ACS:
• Cisco Secure ACS on Windows
• ACS SE
• ACS Unix
• ACS Express
Other:
• IOS/FW/ASA AAA
• Auth Proxy
• 802.1x on SW
• WLSE AAA
• User Registration Tool (URT) (EOL: HW - March 31, 2011, App SW - March 31, 2009)
• Cisco Access Registrar (CAR)
• Cisco Security Manager ACS Integration
Windows OS:
• Windows Supplicant
• CSSC
• CCA agent

5 Product License
Cisco Clean Access (CCA)
• For CAM, or CAS, or CAS Failover (HA) licenses: CAM's eth0 MAC address.
• For CAM Failover (HA) license only: eth0 MAC address of the secondary CAM.
• Both licenses are installed on the CAM GUI: /perfigo/control/tomcat/normal-webapps/upload/
Cisco NAC Profiler Server/Collector
• Standalone profiler and collector: eth0 MAC address of the NAC Profiler Server.
• HA Profiler: submit eth0 of the primary and secondary profiler.
• HA Collector: licenses installed on the primary will have eth0 of the profiler primary server. Collector licenses installed on the secondary will have eth0 of the profiler secondary server.
• Both licenses are installed on the profiler Web GUI: /user/beacon/working/flexlm/
NAC Guest Server
• eth0 MAC address of the Cisco NAC Guest Server.
For all devices:
• The eth0 MAC address entered must be in UPPER CASE (i.e. hexadecimal letters must be capitalized).
• Do not enter colons (":") in between characters.

7 ACS: Purchase contract
• ACS Express: Appliance comes with a preinstalled license.
• CSSC license: 90-day trial license for both wired and wireless functions.
• Evaluation License: WW-LICENSING

9 Logs and Debugs
CCA:
• CAM GUI: Go to Administration > CCA Manager > Support Logs.
  SSH: tail -f /perfigo/logs/perfigo-log0.log.0
• CAS GUI: Monitoring > Support Logs.
  SSH: tail -f /perfigo/logs/perfigo-redirect-log0.log.0
CCA 4.5:
• The logs have moved to /perfigo/control/tomcat/logs/nac_manager.log
• CAS: /perfigo/access/tomcat/logs/nac_server.log
For normal operation, the log level should always remain at the default setting: Severe (CCA 4.1 or earlier) or Info (CCA 4.5).

10 CCA (4.1.x and earlier)

11 CCA 4.5
• WARN: Records only error and warning level messages for the given category.
• INFO: Provides more details than the ERROR and WARN log levels. For example, if a user logs in successfully, an Info message is logged. This is the default level of logging for the system.
• DEBUG: Records all debug-level logs for the CAM.
• TRACE: This is the maximum amount of log information available to help troubleshoot issues with the CAM/CAS.

12 NAC Profiler
• Navigate through the Profiler GUI.
• Navigate to the Utilities tab, and select System Summary.
• At the bottom of the System Summary, select Collect technical logs.
NAC GS:

13 ACS
ACS for Windows 4.1.3 and earlier:
• Choose System Configuration > Service Control.
• Choose Full for the Level of Detail in the Service Log File Configuration pane.
• Run a few tests that you are certain will fail.
• Run cssupport.exe from C:\Program Files\CiscoSecure ACS v4.1\bin\cssupport.exe.
• The default location for the package.cab file is \<ACS_install_dir>\Utils\Support.
ACS SE and ACS for Windows (4.1.4 and later):
• In the web interface, choose System Configuration > Support > Run Support Now.
When you return to normal operation, be sure to set the logging level to Low: choose System Configuration > Service Control.
Level of Detail: disables logging, or sets the level of logging:
• None—No log file is generated.
• Low—Only start and stop actions are logged. This is the default setting.
• Full—All services actions are logged. Use this option when collecting data for customer support. This option provides customer support with enough data to research potential issues. Ensure that you have sufficient disk space to handle your log entries.

15 ACS XP

16 CSSC
CSSC LogPackager utility:
Download Cisco_logpackager-win.x86_ zip. It captures the following information:
• current end-user technical log contents.
• current internal application activity log.
• information on the machine's hardware and software environment.

17 IOS debugs
debug aaa authentication
debug aaa authorization
debug aaa accounting
debug radius
debug tacacs
R1#test aaa group radius test test123 new-code
ASA# test aaa-server authentication A-RAD host username test password test123

19 IOS/ASA AAA
[Topology figure: R1, ASA, R2 and ACS; interface addresses not preserved]
• Telnet from R2 to R1
• Telnet from R2 to ASA
• HTTP from R1 to R2

20 IOS
R1(config)#aaa new-model
R1(config)#radius-server host key cisco
Telnet authentication:
R1(config)#username cisco123 password cisco123
R1(config)#aaa authentication login R-Telnet group radius local
R1(config)#line vty
R1(config-line)#login authentication R-Telnet
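
Added example (not part of the original slides): a Python check over the R1 commands above. It verifies that a named login method list is defined, applied to the vty lines and ends in a local fallback with a local user behind it, and it flags usernames configured with password rather than secret. The 192.0.2.10 server address and the "0 4" vty range are placeholders, since the slide does not preserve them.

```python
import re

# Constructed sample: the R1 commands from slide 20. The server address and
# vty range are not preserved on the slide; 192.0.2.10 and "0 4" are placeholders.
SAMPLE = """\
aaa new-model
radius-server host 192.0.2.10 key cisco
username cisco123 password cisco123
aaa authentication login R-Telnet group radius local
line vty 0 4
 login authentication R-Telnet
"""

def audit_vty_login(config):
    """Return findings about login authentication on the vty lines."""
    findings, lists, users, applied = [], {}, [], {}
    vty = None  # vty section currently being parsed, if any
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level command closes the section
            vty = line if line.startswith("line vty") else None
            if vty:
                applied[vty] = None
        if m := re.match(r"aaa authentication login (\S+) (.+)", line):
            # keep "group radius" together as one method
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
        elif m := re.match(r"username (\S+) (password|secret)\b", line):
            users.append(m.groups())
        elif vty and (m := re.match(r"login authentication (\S+)", line)):
            applied[vty] = m.group(1)
    if not any(l.strip() == "aaa new-model" for l in config.splitlines()):
        findings.append("aaa new-model is not enabled")
    for section, name in applied.items():
        methods = lists.get(name)
        if name is None:
            findings.append(f"{section}: no named method list applied")
        elif methods is None:
            findings.append(f"{section}: method list {name} is not defined")
        elif "local" not in methods:
            # later methods are tried only when the servers do not respond
            findings.append(f"{section}: {name} has no local fallback")
        elif not users:
            findings.append(f"{section}: {name} uses local, no username set")
    for user, kind in users:
        if kind == "password":  # 'secret' stores a hash instead
            findings.append(f"username {user}: uses 'password', not 'secret'")
    return findings
```

On the slide's configuration the only finding is the local account set with password; the method list itself is defined, applied and has its local fallback.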

21 ASA
ASA(config)#aaa-server A-RAD protocol radius
ASA(config)#aaa-server A-RAD host
ASA(config-aaa-server-host)# key cisco
Telnet authentication:
ASA(config)#username admin password admin
ASA(config)#aaa authentication telnet console A-RAD LOCAL
Auth Proxy:
ASA(config)#access-list A-AUTH-PROXY extended permit tcp any host eq www
ASA(config)#access-group A-AUTH-PROXY in interface inside
ASA(config)#aaa authentication match A-AUTH-PROXY inside A-RAD
