Presentation is loading. Please wait.

Presentation is loading. Please wait.

Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005.

Published byStanley Grant Modified over 8 years ago

Similar presentations

Presentation on theme: "Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005."— Presentation transcript:

1 Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005

2 AAA Authentication Authentication Authorization Authorization Accounting Accounting

3 AAA Components AAA server AAA server Authenticates users accessing a device or network Authenticates users accessing a device or network Authorizes user to perform specific activities Authorizes user to perform specific activities Performs accounting of device or user activities Performs accounting of device or user activities We used clearbox tacacs+ server running on windows XP. We used clearbox tacacs+ server running on windows XP. Network Access Server (NAS) or Access Device Network Access Server (NAS) or Access Device A router, switch, or other network device that can perform AAA functions on users or devices connecting to it. A router, switch, or other network device that can perform AAA functions on users or devices connecting to it. We used both router Cisco 2500 and switch 2900 Catalyst as Network Access Server. We used both router Cisco 2500 and switch 2900 Catalyst as Network Access Server. RADIUS( Remote Authentication Dial-In User Service) RADIUS( Remote Authentication Dial-In User Service) TACACS+ (Terminal Access Controller Access Control System Plus) TACACS+ (Terminal Access Controller Access Control System Plus) Protocols that can be used by an access device to communicate with the AAA Protocols that can be used by an access device to communicate with the AAA We used TACACS+ We used TACACS+

4 TACACS+ TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server.

5 How it works

6 Configuration steps

7 Configuring Clearbox Tacacs+ server

8 Authentication Setting in ClearBox

9 Authorization Setting in ClearBox

10 Accounting Setting in ClearBox

11 Configuring the Router/Switch Configuring the Tacacs-server host Configuring the Tacacs-server host tacacs-server host 130.182.159.102 tacacs-server host 130.182.159.102 tacacs-server key key tacacs-server key key tacacs-server retransmit retries tacacs-server retransmit retries tacacs-server timeout seconds tacacs-server timeout seconds tacacs-server attempts count tacacs-server attempts count exit exit Show tacacs Show tacacs

12 Configuring the router/switch Authentication Authentication aaa new-model aaa new-model aaa authentication login default tacacs+ enable aaa authentication login default tacacs+ enable line con 0 line con 0 login authentication default login authentication default exit exit

13 Configuring the switch/router Authorization Authorization aaa authorization commands 0 tacacs+ aaa authorization commands 0 tacacs+ exit exit

14 Configuring the switch/router Accounting Accounting aaa accounting exec start-stop tacacs+ aaa accounting exec start-stop tacacs+ aaa accounting network start-stop tacacs+ aaa accounting network start-stop tacacs+ exit exit

15 Running configuration of switch

16 Running configuration of switch (Cont.)

17 Authentication

18 Authentication

19 Accounting

20 Authorization

21 Ethereal

Download ppt "Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005."

Similar presentations

© 2003, Cisco Systems, Inc. All rights reserved..

© 2003, Cisco Systems, Inc. All rights reserved..
Securing the Router Chris Cunningham.

Securing the Router Chris Cunningham.
Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config.

Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config.
Operating and Configuring Cisco IOS Devices © 2004 Cisco Systems, Inc. All rights reserved. Operating Cisco IOS Software INTRO v2.0—8-1.

Operating and Configuring Cisco IOS Devices © 2004 Cisco Systems, Inc. All rights reserved. Operating Cisco IOS Software INTRO v2.0—8-1.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Operating Cisco IOS Software.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Operating Cisco IOS Software.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 3 – Authentication, Authorization and Accounting.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 3 – Authentication, Authorization and Accounting.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L11 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L11 1 Implementing Secure Converged Wide Area Networks (ISCW)
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.
Setup a Cisco Switch with AAA Server CS580 Winter 2005 Presented by: Chris Orona Kevork Tamamian Xuong Tsan.

Setup a Cisco Switch with AAA Server CS580 Winter 2005 Presented by: Chris Orona Kevork Tamamian Xuong Tsan.
Authentication, Authorization, and Accounting

Authentication, Authorization, and Accounting
Using RADIUS Within the Framework of the School Environment Charles Bolen Systems Engineer December 6, 2011.

Using RADIUS Within the Framework of the School Environment Charles Bolen Systems Engineer December 6, 2011.
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
Remote Networking Architectures

Remote Networking Architectures
802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.

802.1x Port Authentication via RADIUS By Oswaldo Perdomo cs580 Network Security.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Similar presentations

Ads by Google