
Chapter 3 Initial Configuration
Configuring Security Features
method you have implemented) in the form of accounting records. Each accounting record contains accounting
Refer to the “ Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.
Configuring Kerberos
For hosts and the KDC in your Kerberos realm to communicate and mutually authenticate, you must identify them to each other. To do this, you add entries for the hosts to the Kerberos database on the KDC and add SRVTAB files generated by the KDC to all hosts in the Kerberos realm. You also make entries for users in the KDC database.
Refer to the “Configuring Kerberos” chapter in the Cisco IOS Security Configuration Guide.
Configuring RADIUS
RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS clients run on ATM switch router systems and send authentication requests to a central RADIUS server that contains all user authentication and network service access information. RADIUS is a fully open protocol, distributed in source code format, that can be modified to work with any security system currently available.
To configure RADIUS on your Cisco router or access server, perform the following tasks:
Step 1 Use the aaa
Step 2 Use the aaa authentication global configuration command to define method lists for RADIUS authentication.Refer to the “ Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.
Step 3 Use line and interface commands to enable the defined method lists to be used. Refer to the
“Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.
The following configuration tasks are optional:
•You may use the aaa group server command to group selected RADIUS hosts for specific services.
•You may use the aaa dnis map command to select RADIUS server groups based on DNIS number. To use this command, you must define RADIUS server groups using the aaa group server command.
•You may use the aaa authorization global command to authorize specific user functions. Refer to the “ Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.
•You may use the aaa accounting command to enable accounting for RADIUS connections. Refer to the “ Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.
•You may use the dialer aaa interface configuration command to create remote site profiles that contain outgoing call attributes on the AAA server.
Refer to the “Configuring RADIUS” chapter in the Cisco IOS Security Configuration Guide.
| Cisco ONS 15530 Configuration Guide and Command Reference |