iTable of Contents1 AAA Configuration ····································································································································1-1Introduction to AAA ·································································································································1-1Introduction to RADIUS···························································································································1-2Client/Server Model ·························································································································1-2Security and Authentication Mechanisms ·······················································································1-3Basic Message Exchange Process of RADIUS ··············································································1-3RADIUS Packet Format···················································································································1-4Extended RADIUS Attributes ··········································································································1-7Introduction to HWTACACS····················································································································1-8Differences Between HWTACACS and RADIUS············································································1-8Basic Message Exchange Process of HWTACACS ·······································································1-8Protocols and Standards·······················································································································1-10AAA Configuration Task List ·················································································································1-10AAA Configuration Task List ·········································································································1-11RADIUS Configuration Task List ···································································································1-11HWTACACS Configuration Task List ····························································································1-12Configuring AAA····································································································································1-12Configuration Prerequisites ···········································································································1-12Creating an ISP Domain················································································································1-12Configuring ISP Domain Attributes································································································1-13Configuring AAA Authentication Methods for an ISP Domain·······················································1-14Configuring AAA Authorization Methods for an ISP Domain ························································1-15Configuring AAA Accounting Methods for an ISP Domain····························································1-17Configuring Local User Attributes··································································································1-18Configuring User Group Attributes ································································································1-21Tearing down User Connections Forcibly ·····················································································1-21Displaying and Maintaining AAA ···································································································1-21Configuring RADIUS ·····························································································································1-22Creating a RADIUS Scheme ·········································································································1-22Specifying the RADIUS Authentication/Authorization Servers······················································1-23Specifying the RADIUS Accounting Servers and Relevant Parameters·······································1-23Setting the Shared Key for RADIUS Packets················································································1-24Setting the Upper Limit of RADIUS Request Retransmission Attempts ·······································1-25Setting the Supported RADIUS Server Type ················································································1-25Setting the Status of RADIUS Servers ··························································································1-26Configuring Attributes Related to Data to Be Sent to the RADIUS Server ···································1-27Setting Timers Regarding RADIUS Servers··················································································1-28Configuring RADIUS Accounting-On·····························································································1-29Specifying a Security Policy Server·······························································································1-30Enabling the Listening Port of the RADIUS Client ········································································1-30Displaying and Maintaining RADIUS·····························································································1-31Configuring HWTACACS ······················································································································1-31Creating a HWTACACS scheme···································································································1-31