Configuring AAA ····························································································································································352
Configuration prerequisites······································································································································352 Configuration task list···············································································································································352
Configuring an ISP domain ·····································································································································353
Configuring authentication methods for the ISP domain ······················································································354
Configuring authorization methods for the ISP domain························································································355
Configuring accounting methods for the ISP domain ···························································································356
AAA configuration example ··········································································································································358
RADIUS configuration ············································································································································· 363
Introduction to RADIUS·············································································································································363
Client/server model··················································································································································363
Security and authentication mechanisms ···············································································································363
Basic message exchange process of RADIUS ·······································································································364
RADIUS packet format··············································································································································365
Extended RADIUS attributes·····································································································································367
Protocols and standards···········································································································································368
Configuring RADIUS·······················································································································································368
Configuration task list···············································································································································368
Configuring RADIUS servers····································································································································369
Configuring RADIUS parameters ····························································································································370
RADIUS configuration example·····································································································································373
Configuration guidelines················································································································································378
Users ········································································································································································ 379
Configuring users····························································································································································379
Configuring a local user ··········································································································································379
Configuring a user group ········································································································································381
PKI configuration ····················································································································································· 383
PKI overview····································································································································································383
PKI terms ····································································································································································383
Architecture of PKI ····················································································································································383
Applications of PKI ···················································································································································384
Operation of PKI ·······················································································································································385
Configuring PKI·······························································································································································385
Configuration task list···············································································································································385
Creating a PKI entity·················································································································································388
Creating a PKI domain·············································································································································389
Generating an RSA key pair ···································································································································392
Destroying the RSA key pair····································································································································392
Retrieving a certificate··············································································································································393 Requesting a local certificate···································································································································395
Retrieving and displaying a CRL·····························································································································396
PKI configuration example·············································································································································397
Configuring a PKI entity to request a certificate from a CA·················································································397
Configuration guidelines················································································································································402
Port isolation group configuration·························································································································· 403
Overview ·········································································································································································403
Configuring a port isolation group ·······························································································································403
Port isolation group configuration example·················································································································404