Cisco Systems 78-16019-02 manual Configuring Kerberos, Configuring Radius


Chapter 3 Initial Configuration

Configuring Security Features

method you have implemented) in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, and auditing.

Refer to the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.

Configuring Kerberos

For hosts and the KDC in your Kerberos realm to communicate and mutually authenticate, you must identify them to each other. To do this, you add entries for the hosts to the Kerberos database on the KDC and add SRVTAB files generated by the KDC to all hosts in the Kerberos realm. You also make entries for users in the KDC database.

Refer to the “Configuring Kerberos” chapter in the Cisco IOS Security Configuration Guide.

Configuring RADIUS

RADIUS is a distributed client/server system that secures networks against unauthorized access. RADIUS clients run on ATM switch router systems and send authentication requests to a central RADIUS server that contains all user authentication and network service access information. RADIUS is a fully open protocol, distributed in source code format, that can be modified to work with any security system currently available.

To configure RADIUS on your Cisco router or access server, perform the following tasks:

Step 1 Use the aaa new-model global configuration command to enable AAA. AAA must be configured if you plan to use RADIUS. Refer to the “AAA Overview” chapter in the Cisco IOS Security Configuration Guide.

Step 2 Use the aaa authentication global configuration command to define method lists for RADIUS authentication. Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.

Step 3 Use line and interface commands to enable the defined method lists to be used. Refer to the “Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.
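The following check is an added example, not part of the Cisco manual: it audits a saved running configuration for the three steps above and reports a method list with no method after RADIUS or a line that applies a list that was never defined. The sample configuration is constructed; the server address, key placeholder and method-list names are illustrative assumptions.

```python
import re

# Constructed sample running-config. The server address, key placeholder and
# method-list names are illustrative assumptions, not values from the manual.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login RAD-LOGIN group radius local
aaa authentication login RAD-ONLY group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
line con 0
 login authentication RAD-LOGIN
line vty 0 4
 login authentication VTY-LOGIN
"""

def audit_radius_aaa(config):
    """Check the three required steps and return a list of findings."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines()]

    # Step 1: AAA must be enabled if RADIUS is to be used.
    if "aaa new-model" not in lines:
        findings.append("step 1: aaa new-model is missing")

    # Step 2: collect login method lists and the ordered methods of each.
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    if not any("radius" in methods for methods in lists.values()):
        findings.append("step 2: no login method list uses RADIUS")
    for name, methods in lists.items():
        if methods[-1] == "radius":
            findings.append(f"step 2: list {name} has no fallback after RADIUS")

    # Step 3: every list applied under a line must be one that was defined.
    current = None
    for l in lines:
        if l.startswith("line "):
            current = l
        elif not l.startswith(" "):
            current = None
        m = re.match(r"\s+login authentication (\S+)", l)
        if m and current and m.group(1) not in lists:
            findings.append(f"step 3: {current} uses undefined list {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in audit_radius_aaa(SAMPLE_CONFIG):
        print(finding)
```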

The following configuration tasks are optional:

You may use the aaa group server command to group selected RADIUS hosts for specific services.

You may use the aaa dnis map command to select RADIUS server groups based on DNIS number. To use this command, you must define RADIUS server groups using the aaa group server command.

You may use the aaa authorization global command to authorize specific user functions. Refer to the “Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.

You may use the aaa accounting command to enable accounting for RADIUS connections. Refer to the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.

You may use the dialer aaa interface configuration command to create remote site profiles that contain outgoing call attributes on the AAA server.

Refer to the “Configuring RADIUS” chapter in the Cisco IOS Security Configuration Guide.

 

Cisco ONS 15530 Configuration Guide and Command Reference


78-16019-02, Cisco IOS Release 12.2(18)SV2
