Cisco Systems 78-16019-02 Configuring Kerberos, Configuring RADIUS

3-10

Cisco ONS 15530 Configuration Guide and Command Reference

78-16019-02, Cisco IOS Release 12.2(18)SV2

Chapter3 Initial Configuration

Configuring Security Features

method you have implemented) in the form of accounting records. Each accounting record contains

accounting attribute-value(AV) pairs and is stored on the security server.This data can then be analyzed

for network management, client billing, and auditing.

Refer to the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.

Configuring Kerberos

For hosts and the KDC in your Kerberos realm to communicate and mutually authenticate, you must

identify them to each other.To do this, you add entries for the hosts to the Kerberos database on the KDC

and add SRVTABfiles generated by the KDC to all hosts in the Kerberos realm. Youalso make entries

for users in the KDC database.

Refer to the “Configuring Kerberos” chapter in the Cisco IOS Security Configuration Guide.

Configuring RADIUS

RADIUS is a distributed client/server system that secures networks against unauthorized access.

RADIUS clients run on ATM switch router systems and send authentication requests to a central

RADIUS server that contains all user authentication and network service access information. RADIUS

is a fully open protocol, distributedin source code format, that can be modified to work with any security

system currently available.

To configure RADIUS on your Cisco router or access server, perform the following tasks:

Step 1 Usethe aaa new-model global configuration command to enable AAA. AAA must be configured if you

plan to use RADIUS. Refer to the “AAA Overview” chapter in theCisco IOS Security Configuration

Guide.

Step 2 Use theaaa authentication global configuration command to define method lists for RADIUS

authentication.Refer to the “Configuring Authentication” chapter in the Cisco IOS Security

Configuration Guide.

Step 3 Useline and interface commands to enable the defined method lists to be used. Refer to the

“Configuring Authentication” chapter in the Cisco IOS Security Configuration Guide.

The following configuration tasks are optional:

•Youmay use the aaa group server command to group selected RADIUS hosts for specific services.

•Youmay use the aaa dnis map command to select RADIUS server groups based on DNIS number.

To use this command, you must define RADIUS server groups using theaaa group server

command.

•Youmay use the aaa authorization global command to authorize specific user functions. Refer to

the “Configuring Authorization” chapter in the Cisco IOS Security Configuration Guide.

•You may use the aaa accounting command to enable accounting for RADIUS connections. Refer

to the “Configuring Accounting” chapter in the Cisco IOS Security Configuration Guide.

•You may use the dialeraaa interface configuration command to create remote site profiles that

contain outgoing call attributes on the AAA server.

Refer to the “Configuring RADIUS” chapter in the Cisco IOS Security Configuration Guide.