Enabling ACL acceleration for an IPv4 basic or IPv4 advanced ACL
Displaying and maintaining ACLs
IPv4 advanced ACL configuration examples
IPv6 advanced ACL configuration example
Configuring AAA
Overview
RADIUS
HWTACACS
Domain-based user management
AAA for multi-VPNs
Protocols and standards
RADIUS attributes
AAA configuration considerations and task list
Configuring AAA schemes
Configuring local users
Configuring RADIUS schemes
Configuring HWTACACS schemes
Configuring AAA methods for ISP domains
Creating an ISP domain
Configuring ISP domain attributes
Configuring authentication methods for an ISP domain
Configuring authorization methods for an ISP domain
Configuring accounting methods for an ISP domain
Displaying and maintaining AAA
AAA configuration examples
Authentication/authorization for Telnet/SSH users by a RADIUS server
Local authentication/authorization for Telnet/FTP users
Level switching authentication for Telnet users by a RADIUS server
Troubleshooting AAA
Troubleshooting RADIUS
Troubleshooting HWTACACS
Configuring password control
Password control configuration task list
Enabling password control
Setting global password control parameters
Setting user group password control parameters
Setting local user password control parameters
Setting super password control parameters
Setting a local user password in interactive mode
Displaying and maintaining password control
Password control configuration example
Managing public keys
Configuration task list
Creating a local asymmetric key pair
Displaying or exporting the local host public key
Displaying and recording the host public key information
Displaying the host public key in a specific format and saving it to a file
Exporting the host public key in a specific format to a file
Destroying a local asymmetric key pair
Specifying the peer public key on the local device
Displaying public keys
Public key configuration examples
Manually specifying the peer public key on the local device