Difference between revisions of "CCNP TSHOOT Learning Guide/Chapter 9"

From Teknologisk videncenter
Jump to: navigation, search
m (AAA)
m (Radius)
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:
 
==AAA==
 
==AAA==
 
===Radius===
 
===Radius===
 +
Example
 
<source lang=cli>
 
<source lang=cli>
 
enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1
 
enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1
Line 17: Line 18:
 
ip telnet source-interface Vlan100
 
ip telnet source-interface Vlan100
 
ip ssh source-interface Vlan100
 
ip ssh source-interface Vlan100
 +
radius-server host 10.0.0.1 auth-port 1812 key cisco
 
!
 
!
 
line con 0
 
line con 0
Line 27: Line 29:
 
  transport input ssh
 
  transport input ssh
 
</source>
 
</source>
 +
 
=== Troubleshooting===
 
=== Troubleshooting===
 
*'''debug aaa authorization'''
 
*'''debug aaa authorization'''

Latest revision as of 20:59, 20 June 2010

Maintaining and Troubleshooting Network Security Implementations

AAA

Radius

Example

enable secret 5 $1$zH7k$U84Js/TPyh3mzsPpuQss/1
!
username admin secret 5 $1$yGKr$lvsrt5i61iV63FohXNTPS0
aaa new-model
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authentication login TELNET_LINES group radius local
aaa authorization exec default group radius local
aaa authorization exec TELNET_LINES group radius local
!
aaa session-id common
ip telnet source-interface Vlan100
ip ssh source-interface Vlan100
radius-server host 10.0.0.1 auth-port 1812 key cisco
!
line con 0
 exec-timeout 60 0
 logging synchronous
 login authentication CONSOLE
line vty 0 4
 exec-timeout 60 0
 login authentication TELNET_LINES
 transport input ssh

Troubleshooting

  • debug aaa authorization
  • debug aaa accounting
  • debug aaa authentication
  • debug radius
  • debug tacacs