Presentation is loading. Please wait.

Presentation is loading. Please wait.

Setup a Cisco Switch with AAA Server CS580 Winter 2005 Presented by: Chris Orona Kevork Tamamian Xuong Tsan.

Published byGavin Barrett Modified over 9 years ago

Similar presentations

Presentation on theme: "Setup a Cisco Switch with AAA Server CS580 Winter 2005 Presented by: Chris Orona Kevork Tamamian Xuong Tsan."— Presentation transcript:

1 Setup a Cisco Switch with AAA Server CS580 Winter 2005 Presented by: Chris Orona Kevork Tamamian Xuong Tsan

2 What is AAA Server? AAA (Authentication, Authorization, Accounting)AAA (Authentication, Authorization, Accounting) For example: RADIUS (Remote Authentication Dial- In User Service) RADIUS (Remote Authentication Dial- In User Service) TACACS (Terminal Access Controller Access Control System) TACACS (Terminal Access Controller Access Control System)

3 TACACS Specified in RFC 1492Specified in RFC 1492 Uses port 49 (TCP or UDP)Uses port 49 (TCP or UDP) XTACACS – TACACS extensions created by CiscoXTACACS – TACACS extensions created by Cisco

4 TACACS server on a switch switch(config)# login tacacs switch(config)# tacacs-server host 192.20.22.7 switch(config)# tacacs-server key "I am cool" switch(config)# tacacs-server attempts 3 switch(config)# tacacs-server timeout 5

5 TACACS server cont.. TACACS Verification switch# show tacacs Enable use-tacacs:Enabled Login tacacs:Enabled tacacs-server last-resort:password tacacs-server hosts:192.20.27.7 tacacs-server key:I am cool tacacs-server login attempts:3 tacacs-server timeout:5 seconds tacacs-server directed-request:Disabled

6 TACACS+ An new version of TACACS, however less compatibleAn new version of TACACS, however less compatible Uses a separate server for AAAUses a separate server for AAA

7 TACACS+ packet 4 bits 8 bits MajorMinor Packet type Sequence No. Flags Session ID (4 bytes) Length (4 bytes) Major/Minor versionMajor/Minor version Packet TypePacket Type Authentication, Authorization, or AccountingAuthentication, Authorization, or Accounting FlagsFlags Whether encryption is setWhether encryption is set

8 TACACS+ Traffic

9 Authentication Enables the switch/router to ask for passwords on a remote serverEnables the switch/router to ask for passwords on a remote server Set up passwords for login and enable accessSet up passwords for login and enable access Backup with enable password in case server is downBackup with enable password in case server is down aaa new-model aaa authentication login default tacacs+ enable aaa authentication enable default tacacs+ enable

10 Authorization Request authorization for events. Obtaining a shell, configuring, or certain commandsRequest authorization for events. Obtaining a shell, configuring, or certain commands Again, have a backup command in case the server is down.Again, have a backup command in case the server is down. aaa authorization exec default tacacs+ if- authenticated

11 Accounting Log access and attempted access to a remote serverLog access and attempted access to a remote server Can log inbound and/or outbound connectionsCan log inbound and/or outbound connections Types of accountingTypes of accounting start-stop: records without waiting for the serverstart-stop: records without waiting for the server stop-only: only records when action is completedstop-only: only records when action is completed wait-start: waits for log to be sent before allowing actionwait-start: waits for log to be sent before allowing action aaa accounting exec default start-stop tacacs+ aaa accounting connection default start-stop tacacs+

12 ClearBox RADIUS and TACACS+ Server 2.4.5 Available for WindowsAvailable for Windows Can authenticate against a Windows domain or SQL database (Access, SQL server, ODBC, etc.)Can authenticate against a Windows domain or SQL database (Access, SQL server, ODBC, etc.) $399, or free trial version with limited password functionality.$399, or free trial version with limited password functionality.

13 Reference Links http://www.cisco.com/en/US/products/hw/switches/ps637/produc ts_configuration_guide_chapter09186a008007da46.html#15411http://www.cisco.com/en/US/products/hw/switches/ps637/produc ts_configuration_guide_chapter09186a008007da46.html#15411http://www.cisco.com/en/US/products/hw/switches/ps637/produc ts_configuration_guide_chapter09186a008007da46.html#15411http://www.cisco.com/en/US/products/hw/switches/ps637/produc ts_configuration_guide_chapter09186a008007da46.html#15411 http://www.cisco.com/en/US/tech/tk59/technologies_configuratio n_example09186a0080093c7c.shtmlhttp://www.cisco.com/en/US/tech/tk59/technologies_configuratio n_example09186a0080093c7c.shtmlhttp://www.cisco.com/en/US/tech/tk59/technologies_configuratio n_example09186a0080093c7c.shtmlhttp://www.cisco.com/en/US/tech/tk59/technologies_configuratio n_example09186a0080093c7c.shtml http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09 186a0080094e99.shtmlhttp://www.cisco.com/en/US/tech/tk59/technologies_tech_note09 186a0080094e99.shtmlhttp://www.cisco.com/en/US/tech/tk59/technologies_tech_note09 186a0080094e99.shtmlhttp://www.cisco.com/en/US/tech/tk59/technologies_tech_note09 186a0080094e99.shtml http://www.informit.com/articles/article.asp?p=170744&seqNum =2http://www.informit.com/articles/article.asp?p=170744&seqNum =2http://www.informit.com/articles/article.asp?p=170744&seqNum =2http://www.informit.com/articles/article.asp?p=170744&seqNum =2 http://www.cisco.com/pcgi- bin/search/search.pl?searchPhrase=cisco+router+1601+support+ tacacs&x=0&y=0&nv=Search+All+Cisco.com%23%23cisco.com& nv=Technical+Support%26Documentation%23%23cisco.com%23 TSD&language=en&country=US&accessLevel=Guest&siteToSearc h=cisco.comhttp://www.cisco.com/pcgi- bin/search/search.pl?searchPhrase=cisco+router+1601+support+ tacacs&x=0&y=0&nv=Search+All+Cisco.com%23%23cisco.com& nv=Technical+Support%26Documentation%23%23cisco.com%23 TSD&language=en&country=US&accessLevel=Guest&siteToSearc h=cisco.com http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/produ cts_configuration_guide_chapter09186a00800ca7a7.html#16099http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/produ cts_configuration_guide_chapter09186a00800ca7a7.html#16099http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/produ cts_configuration_guide_chapter09186a00800ca7a7.html#16099http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/produ cts_configuration_guide_chapter09186a00800ca7a7.html#16099 Clearbox server: http://www.xperiencetech.com/Clearbox server: http://www.xperiencetech.com/

Download ppt "Setup a Cisco Switch with AAA Server CS580 Winter 2005 Presented by: Chris Orona Kevork Tamamian Xuong Tsan."

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Securing the Router Chris Cunningham.

Securing the Router Chris Cunningham.
Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config.

Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Secure Remote Access: SSH. K. Salah 2 What is SSH?  SSH – Secure Shell  SSH is a protocol for secure remote login and other secure network services.

Secure Remote Access: SSH. K. Salah 2 What is SSH?  SSH – Secure Shell  SSH is a protocol for secure remote login and other secure network services.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L11 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L11 1 Implementing Secure Converged Wide Area Networks (ISCW)
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Authentication, Authorization, and Accounting

Authentication, Authorization, and Accounting
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.

802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.
S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.

S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.
Brian Dwyer – CITA370. Introduction  Network Device Security  Identity Management AAA Process Model ○ Authentication ○ Authorization ○ Accounting (Sometimes.

Brian Dwyer – CITA370. Introduction  Network Device Security  Identity Management AAA Process Model ○ Authentication ○ Authorization ○ Accounting (Sometimes.
Chapter 17 TACACS+.

Chapter 17 TACACS+.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

Similar presentations

Ads by Google