Difference between revisions of "CCNP TSHOOT Learning Guide/Chapter 9"
From Teknologisk videncenter
m (New page: =Maintaining and Troubleshooting Network Security Implementations = ==AAA== ===Radius=== <source lang=cli> enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1 ! username admin secret 5 $1$yGKr$...) |
m (→Radius) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 2: | Line 2: | ||
==AAA== | ==AAA== | ||
===Radius=== | ===Radius=== | ||
+ | Example | ||
<source lang=cli> | <source lang=cli> | ||
enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1 | enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1 | ||
Line 17: | Line 18: | ||
ip telnet source-interface Vlan100 | ip telnet source-interface Vlan100 | ||
ip ssh source-interface Vlan100 | ip ssh source-interface Vlan100 | ||
+ | radius-server host 10.0.0.1 auth-port 1812 key cisco | ||
! | ! | ||
line con 0 | line con 0 | ||
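Review bot: The shared secret on the added "radius-server host 10.0.0.1 auth-port 1812 key cisco" line is the literal word cisco, entered without an encryption type, so the example publishes a guessable RADIUS key in cleartext and anyone who copies it inherits that key. Replace the value with an obvious placeholder (for example "key <shared-secret>") and add a sentence saying it must match the secret configured on the RADIUS server.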
Line 27: | Line 29: | ||
transport input ssh | transport input ssh | ||
</source> | </source> | ||
+ | |||
+ | === Troubleshooting=== | ||
+ | *'''debug aaa authorization''' | ||
+ | *'''debug aaa accounting''' | ||
+ | *'''debug aaa authentication''' | ||
+ | *'''debug radius''' | ||
+ | *'''debug tacacs''' | ||
+ | |||
+ | |||
{{Source cli}} | {{Source cli}} | ||
[[Category:CCNPv6]][[Category:CCNPv6 TSHOOT]] | [[Category:CCNPv6]][[Category:CCNPv6 TSHOOT]] |
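Review bot: The added Troubleshooting list includes '''debug tacacs''', but the only server this section configures is a RADIUS host, so either drop that entry or say it applies when a TACACS+ server group is in use. The list also gives no indication of what each debug shows or that debugging should be switched off when finished; a short phrase per command would make it usable. As a style point, the heading is written "=== Troubleshooting===" with a stray leading space, unlike "===Radius===" above, and two empty lines are added before {{Source cli}}.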
Latest revision as of 20:59, 20 June 2010
Maintaining and Troubleshooting Network Security Implementations
AAA
Radius
Example
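<source lang=cli>
enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1
!
username admin secret 5 $1$yGKr$lvsrt5i61iV63FohXNTPS0
aaa new-model
!
! Login method lists: "default" uses the local user database, CONSOLE asks
! for no login at all, TELNET_LINES tries RADIUS first and then the local
! database if the RADIUS server does not respond.
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authentication login TELNET_LINES group radius local
! EXEC (shell) authorization follows the same order: RADIUS, then local.
aaa authorization exec default group radius local
aaa authorization exec TELNET_LINES group radius local
!
aaa session-id common
ip telnet source-interface Vlan100
ip ssh source-interface Vlan100
! RADIUS server and the shared secret it expects.
radius-server host 10.0.0.1 auth-port 1812 key cisco
!
line con 0
 exec-timeout 60 0
 logging synchronous
 login authentication CONSOLE
line vty 0 4
 exec-timeout 60 0
 login authentication TELNET_LINES
 transport input ssh
</source>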
Troubleshooting
- debug aaa authorization
- debug aaa accounting
- debug aaa authentication
- debug radius
- debug tacacs
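Before turning on the debugs, the method lists in the example configuration can be checked offline. The following is an added example, not part of the original page and not a Cisco tool: `audit_aaa` and `SAMPLE` are hypothetical names, and the sample text is constructed from the AAA-related lines of the configuration above.

```python
import re

# Constructed sample: the AAA-related lines of the example configuration above.
SAMPLE = """\
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authentication login TELNET_LINES group radius local
radius-server host 10.0.0.1 auth-port 1812 key cisco
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication TELNET_LINES
"""

def audit_aaa(config):
    """Hypothetical offline checker (not a Cisco tool): return a list of findings."""
    lists, uses, findings = {}, [], []
    radius_hosts, current = 0, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif line.startswith("radius-server host "):
            radius_hosts += 1
            # "key 6 ..." / "key 7 ..." are stored encrypted; anything else is cleartext
            if re.search(r" key (?![67] \S)\S", line):
                findings.append("radius-server key is stored in cleartext")
        elif re.match(r"line (con|aux|vty) ", line):
            current = line
        elif line.startswith("login authentication ") and current:
            uses.append((current, line.split()[2]))
    for where, name in uses:
        methods = lists.get(name)
        if methods is None:
            findings.append(f"{where}: method list {name} is not defined")
            continue
        if methods == ["none"]:
            findings.append(f"{where}: method list {name} performs no authentication")
        if methods[:2] == ["group", "radius"]:
            if radius_hosts == 0:
                findings.append(f"{where}: {name} uses RADIUS but no radius-server host is configured")
            if len(methods) == 2:
                findings.append(f"{where}: {name} has no fallback method after RADIUS")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE):
        print(finding)
```

Lines that carry no `login authentication` command are not examined; they use the `default` list.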