Setup a Cisco Switch with AAA Server

CS580 Winter 2005

Presented by:

Chris Orona

Kevork Tamamian

Xuong Tsan

What is AAA Server?
  • AAA (Authentication, Authorization, Accounting)

For example:

RADIUS (Remote Authentication Dial-In User Service)

TACACS (Terminal Access Controller Access Control System)

TACACS
  • Specified in RFC 1492
  • Uses port 49 (TCP or UDP)
  • XTACACS – TACACS extensions created by Cisco
TACACS server on a switch

switch(config)# login tacacs

switch(config)# tacacs-server host 192.20.22.7

switch(config)# tacacs-server key "I am cool"

switch(config)# tacacs-server attempts 3

switch(config)# tacacs-server timeout 5

TACACS server (cont.)

TACACS Verification

switch# show tacacs

Enable use-tacacs:Enabled

Login tacacs:Enabled

tacacs-server last-resort:password

tacacs-server hosts:192.20.27.7

tacacs-server key:I am cool

tacacs-server login attempts:3

tacacs-server timeout:5 seconds

tacacs-server directed-request:Disabled

TACACS+
  • A new version of TACACS, however less compatible
  • Uses a separate server for AAA
TACACS+ packet
  • Major/Minor version
  • Packet Type
    • Authentication, Authorization, or Accounting
  • Flags
    • Whether encryption is set
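
Added example (not part of the original slides): a Python decoder for the fixed 12-byte TACACS+ header that reads the version, packet type and flags listed above and reports packets whose body is sent without encryption. The field layout and constants are taken from RFC 8907; the sample packets and session IDs are constructed for illustration.

```python
import struct

# Constants from the TACACS+ specification (RFC 8907, section 4.1).
PACKET_TYPES = {0x01: "Authentication", 0x02: "Authorization", 0x03: "Accounting"}
FLAG_UNENCRYPTED = 0x01      # set => body is NOT obfuscated with the shared key
FLAG_SINGLE_CONNECT = 0x04   # several sessions share one TCP connection
HEADER_LEN = 12
TAC_PLUS_MAJOR = 0xC


def parse_header(data: bytes) -> dict:
    """Decode the 12-byte TACACS+ header at the start of `data`."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    major, minor = version >> 4, version & 0x0F
    if major != TAC_PLUS_MAJOR:
        raise ValueError(f"unexpected major version 0x{major:x}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    return {
        "major": major, "minor": minor, "type": PACKET_TYPES[ptype],
        "seq_no": seq_no, "session_id": session_id, "length": length,
        "encrypted": not flags & FLAG_UNENCRYPTED,
        "single_connect": bool(flags & FLAG_SINGLE_CONNECT),
    }


def audit(data: bytes) -> list:
    """Return findings a defender would want raised for one packet."""
    hdr = parse_header(data)
    findings = []
    if not hdr["encrypted"]:
        findings.append("body sent unencrypted (UNENCRYPTED flag set)")
    if len(data) - HEADER_LEN != hdr["length"]:
        findings.append("body size does not match header length field")
    return findings


# Constructed sample packets: header fields followed by placeholder body bytes.
SAMPLE_ENCRYPTED = bytes.fromhex("c0010100" "0a1b2c3d" "00000004") + b"\x8f\x12\xa0\x5c"
SAMPLE_CLEARTEXT = bytes.fromhex("c0020101" "0a1b2c3e" "00000002") + b"\x01\x00"

if __name__ == "__main__":
    for name, pkt in (("encrypted", SAMPLE_ENCRYPTED), ("cleartext", SAMPLE_CLEARTEXT)):
        print(name, parse_header(pkt), audit(pkt))
```
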
Authentication
  • Enables the switch/router to ask for passwords on a remote server
  • Set up passwords for login and enable access
  • Fall back to the enable password in case the server is down

aaa new-model

aaa authentication login default tacacs+ enable

aaa authentication enable default tacacs+ enable

Authorization
  • Request authorization for events: obtaining a shell, configuring, or running certain commands
  • Again, have a backup command in case the server is down.

aaa authorization exec default tacacs+ if-authenticated

Accounting
  • Log access and attempted access, sending the records to a remote server
  • Can log inbound and/or outbound connections
  • Types of accounting
    • start-stop: records without waiting for the server
    • stop-only: only records when action is completed
    • wait-start: waits for log to be sent before allowing action

aaa accounting exec default start-stop tacacs+

aaa accounting connection default start-stop tacacs+

ClearBox RADIUS and TACACS+ Server 2.4.5
  • Available for Windows
  • Can authenticate against a Windows domain or SQL database (Access, SQL server, ODBC, etc.)
  • $399, or free trial version with limited password functionality.
Reference Links
  • http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007da46.html#15411
  • http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a0080093c7c.shtml
  • http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
  • http://www.informit.com/articles/article.asp?p=170744&seqNum=2
  • http://www.cisco.com/pcgi-bin/search/search.pl?searchPhrase=cisco+router+1601+support+tacacs&x=0&y=0&nv=Search+All+Cisco.com%23%23cisco.com&nv=Technical+Support%26Documentation%23%23cisco.com%23TSD&language=en&country=US&accessLevel=Guest&siteToSearch=cisco.com
  • http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a7.html#16099
  • Clearbox server: http://www.xperiencetech.com/