Title:
Cisco access control security : AAA administrative services
Personal Author:
Series:
Networking technology series
Publication Information:
Indianapolis, IN : Cisco Press, 2004
ISBN:
9781587051241
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
---|---|---|---|---|---|
Searching... | 30000010105247 | QA76.3 C374 2004 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Provides you with the skills needed to configure authentication, authorization, and accounting (AAA) services on Cisco devices. Divided into three parts, this book presents configuration details of centralized identity networking solutions. It also provides an overview of the AAA architecture, with discussions of configuring Cisco routers for AAA.
Author Notes
Brandon J. Carroll is a certified Cisco Systems instructor with Ascolta Training Company
Table of Contents
Introduction | p. xx |
Part I AAA Overview | p. 3 |
Chapter 1 Authentication, Authorization, and Accounting Overview | p. 5 |
Authentication Overview | p. 6 |
Authentication Example | p. 7 |
Authorization Overview | p. 8 |
Authorization Example | p. 9 |
Accounting Overview | p. 10 |
Accounting Example | p. 12 |
Cisco Device Support for AAA | p. 12 |
Summary | p. 13 |
End Notes | p. 13 |
Chapter 2 TACACS+ and RADIUS | p. 15 |
A Brief Overview of TACACS+ | p. 15 |
A Brief Overview of RADIUS | p. 16 |
TACACS+ in Detail | p. 16 |
RADIUS in Detail | p. 42 |
Summary | p. 49 |
End Notes | p. 50 |
Chapter 3 Authentication Configuration on Cisco Routers | p. 53 |
Local Authentication | p. 53 |
Authentication Configurations Using Cisco Secure ACS for Windows Server and Cisco Secure ACS Solution Engine | p. 59 |
Debugging Authentication | p. 59 |
Authentication Command References | p. 61 |
Summary | p. 61 |
Part II Enterprise AAA and Cisco Secure Access Control Server | p. 63 |
Chapter 4 Enterprise Authentication Servers | p. 65 |
Cisco Secure Access Control Server Software and Versions | p. 65 |
Cisco Secure Solution Engine | p. 71 |
Summary | p. 72 |
Chapter 5 Deploying Cisco Secure Access Control Server for Windows Server | p. 75 |
What Is ACS? | p. 75 |
How to Obtain ACS | p. 76 |
Requirements to Run ACS Version 3.2 | p. 76 |
Installing ACS | p. 77 |
Reinstalling ACS and Using an Existing ACS Database | p. 81 |
Positioning ACS in Your Network | p. 81 |
Summary | p. 86 |
Chapter 6 Getting Familiar with CSACS | p. 89 |
Navigating the HTML Interface | p. 89 |
Starting Point for Configuring Your Server | p. 107 |
Configuring Your Interface | p. 111 |
Preparing to Add Users | p. 114 |
Summary | p. 117 |
Chapter 7 Configuring User Accounts | p. 119 |
Adding Users to the Database | p. 119 |
User Changeable Passwords | p. 123 |
Authenticating Users to a Windows NT/2000 Database | p. 132 |
Advanced Configurations | p. 138 |
Summary | p. 143 |
End Notes | p. 143 |
Chapter 8 Configuring User Groups | p. 147 |
Group-Level Configuration of ACS | p. 147 |
PPP Callback Configuration | p. 154 |
Configuring Network Access Restrictions | p. 155 |
Max Sessions, Usage Quotas, and Password Aging Rules | p. 160 |
IP Assignment and Downloadable ACLs | p. 162 |
Using TACACS+ for Group Configuration | p. 169 |
Summary | p. 184 |
End Notes | p. 185 |
Chapter 9 Managing Network Configurations | p. 187 |
Configuring a Distributed System | p. 187 |
Configuring Network Device Groups | p. 191 |
Configuring Proxy Distribution Tables | p. 194 |
Using Remote Accounting | p. 201 |
Using Network Device Searches | p. 202 |
Creating a Complete Distributed Network | p. 205 |
Client Configuration | p. 208 |
Troubleshooting Network Configurations | p. 214 |
Summary | p. 215 |
Chapter 10 Configuring Shared Profile Components | p. 217 |
Downloadable ACLs | p. 218 |
Network Access Restrictions | p. 221 |
Configuring Network Access Restrictions | p. 223 |
Command Authorization Sets | p. 228 |
Troubleshooting Extended Configurations | p. 237 |
Common Issues of Network Access Restrictions | p. 240 |
And Do Not Forget the Importance of Documentation | p. 240 |
Summary | p. 241 |
Chapter 11 System Configuration | p. 243 |
How Users Interact with Your External Database Configuration | p. 243 |
External Database Configuration | p. 244 |
Database Group Mappings | p. 271 |
Unknown User Policy | p. 272 |
Database Replication | p. 272 |
Synchronization of ACS Devices | p. 277 |
Summary | p. 281 |
End Notes | p. 281 |
Chapter 12 Reports and Logging for Windows Server | p. 283 |
ACS Reports | p. 283 |
Logging Attributes in ACS Reports | p. 285 |
ACS Reports | p. 293 |
Remote Logging with ACS | p. 308 |
Additional Logs Maintained by ACS | p. 312 |
Summary | p. 315 |
Chapter 13 Exploring TACACS+ Attribute Values | p. 317 |
TACACS+ AV Pairs Overview | p. 317 |
Attributes of TACACS+ AV Pairs | p. 318 |
AV Pair Example PPP Network | p. 325 |
Understanding TACACS+ AV Pairs in the ACS Interface | p. 330 |
Summary | p. 335 |
Part III Service Provider AAA and the Cisco Access Registrar | p. 339 |
Chapter 14 Service Provider AAA and the Cisco CNS Access Registrar | p. 341 |
Service Provider (SP) Model | p. 341 |
Service Provider Challenge | p. 341 |
Value Added Services | p. 342 |
Cisco CNS Access Registrar | p. 342 |
Options of AR | p. 343 |
AR's Architecture | p. 344 |
Installation Requirements for AR on Solaris 8 | p. 352 |
Installing AR | p. 354 |
AR's Subdirectories | p. 357 |
Configuring Cisco CNS AR | p. 358 |
Summary | p. 359 |
End Notes | p. 360 |
Chapter 15 Configuring the Cisco Access Registrar | p. 363 |
Using aregcmd to Configure AR | p. 363 |
AR's Server Object Hierarchy | p. 367 |
Configuring the ACE ISP as a Basic Site | p. 369 |
Configuring AR's Administrators | p. 370 |
Configuring the RADIUS Server | p. 371 |
Validating and Saving Your Changes to AR | p. 381 |
Testing Your Configuration | p. 382 |
Troubleshooting Your Configuration with trace | p. 383 |
Summary | p. 385 |
End Notes | p. 385 |
Part IV Appendix | p. 387 |
Appendix A RADIUS Attribute Tables | p. 389 |
Index | p. 419 |