Example 12-4 Router Configuration Example for AAA Using RADIUS (Continued)
aaa authorization commands 15 NO_AUTHOR none
aaa accounting exec default stop-only group radius
aaa accounting network default start-stop group radius
!
username admin privilege 15 password 7 xxxxxxxxxxxxx
username diallocal access-class 110 password 7 xxxxxxxxxxx
username diallocal autocommand ppp
!
radius-server host 172.22.53.204 auth-port 1645 acct-port 1646 key ciscorules
!
line con 0
 authorization commands 15 NO_AUTHOR
 authorization exec NO_AUTHOR
 login authentication NO_AUTHEN
 transport input none
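As an added example (not from the book and not Cisco code), the following Python audit walks the fragment above and flags the settings a reviewer would question: method lists containing none, user accounts stored with password 7, and the RADIUS shared key sitting in the running configuration. The 16-character key-length threshold is an assumed local policy, not something the page states.

```python
import re

# Constructed sample: the Example 12-4 fragment shown above.
SAMPLE_CONFIG = """\
aaa authorization commands 15 NO_AUTHOR none
aaa accounting exec default stop-only group radius
aaa accounting network default start-stop group radius
username admin privilege 15 password 7 xxxxxxxxxxxxx
username diallocal access-class 110 password 7 xxxxxxxxxxx
username diallocal autocommand ppp
radius-server host 172.22.53.204 auth-port 1645 acct-port 1646 key ciscorules
line con 0
 authorization commands 15 NO_AUTHOR
 authorization exec NO_AUTHOR
 login authentication NO_AUTHEN
 transport input none
"""

# aaa <service> [login|exec|network|commands <lvl>] <list-name> <methods...>
AAA_LINE = re.compile(
    r"^aaa (authentication|authorization|accounting) (?:commands \d+ |\S+ )?(\S+) (.+)$")
USER_PW7 = re.compile(r"^username (\S+) .*\bpassword 7\b")
RADIUS = re.compile(
    r"^radius-server host (\S+)(?: auth-port (\d+))?(?: acct-port (\d+))? key (\S+)")
ACCT_RECORD_TYPES = {"start-stop", "stop-only", "wait-start"}
MIN_KEY_LEN = 16  # assumed local policy threshold, not from the page


def audit(config: str) -> list[str]:
    """Return one finding per risky line; lines with no issue produce nothing."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := AAA_LINE.match(line):
            service, name, rest = m.groups()
            methods = [t for t in rest.split() if t not in ACCT_RECORD_TYPES]
            if "none" in methods:
                # 'none' succeeds unconditionally; placed after a server method it
                # is the fail-open path taken when the server cannot be reached.
                findings.append(f"{service} list {name!r} contains method 'none' (AAA bypass)")
        elif m := USER_PW7.match(line):
            findings.append(f"user {m.group(1)!r} stored with 'password 7' "
                            "(reversible type-7 encoding); prefer 'secret'")
        elif m := RADIUS.match(line):
            host, auth, acct, key = m.groups()
            note = f"RADIUS {host} auth-port {auth} acct-port {acct}: key in running config"
            if len(key) < MIN_KEY_LEN:
                note += f", key shorter than {MIN_KEY_LEN} characters"
            findings.append(note)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```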
Kerberos
Kerberos is a network authentication protocol that is designed to provide authentication for client/server applications by using secret-key cryptography. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server use Kerberos to prove their identity, they can also encrypt all their communications to ensure privacy and data integrity as they conduct their business.
Kerberos is not a test topic; therefore, it is not covered further here. TACACS and RADIUS are AAA protocols that are definitely on the test, so they are covered here.
TACACS
TACACS was first discussed in RFC 1492, “An Access Control Protocol, Sometimes Called TACACS.” Cisco has three versions of the protocol:
TACACS
Extended TACACS
TACACS+
TACACS is the first standards-based implementation of the protocol. Extended TACACS (XTACACS) is an extension of the protocol that provides additional router information. Both of these versions are deprecated and are no longer supported by Cisco.
TACACS+ is the supported version of the protocol, which provides detailed accounting information and flexible administrative control over authentication and authorization processes. It is