iTable of Contents1 AAA Configuration ····································································································································1-1Introduction to AAA ·································································································································1-1Introduction to RADIUS···························································································································1-2Client/Server Model ·························································································································1-3Security and Authentication Mechanisms ·······················································································1-3Basic Message Exchange Process of RADIUS ··············································································1-3RADIUS Packet Format···················································································································1-4Extended RADIUS Attributes ··········································································································1-7Introduction to HWTACACS····················································································································1-8Differences Between HWTACACS and RADIUS············································································1-8Basic Message Exchange Process of HWTACACS ·······································································1-9Domain-Based User Management········································································································1-10Protocols and Standards·······················································································································1-11AAA Configuration Task List ·················································································································1-11AAA Configuration Task List ·········································································································1-12RADIUS Configuration Task List ···································································································1-13HWTACACS Configuration Task List ····························································································1-13Configuring AAA····································································································································1-14Configuration Prerequisites ···········································································································1-14Creating an ISP Domain················································································································1-14Configuring ISP Domain Attributes································································································1-15Configuring AAA Authentication Methods for an ISP Domain·······················································1-15Configuring AAA Authorization Methods for an ISP Domain ························································1-17Configuring AAA Accounting Methods for an ISP Domain····························································1-19Configuring Local User Attributes··································································································1-21Configuring User Group Attributes ································································································1-22Tearing down User Connections Forcibly ·····················································································1-23Configuring a NAS ID-VLAN Binding ····························································································1-23Displaying and Maintaining AAA ···································································································1-24Configuring RADIUS ·····························································································································1-24Creating a RADIUS Scheme ·········································································································1-25Specifying the RADIUS Authentication/Authorization Servers······················································1-25Specifying the RADIUS Accounting Servers and Relevant Parameters·······································1-26Setting the Shared Key for RADIUS Packets················································································1-27Setting the Upper Limit of RADIUS Request Retransmission Attempts ·······································1-28Setting the Supported RADIUS Server Type ················································································1-28Setting the Status of RADIUS Servers ··························································································1-29Configuring Attributes Related to Data to Be Sent to the RADIUS Server ···································1-30Enabling the RADIUS Trap Function·····························································································1-30Specifying the Source IP Address for RADIUS Packets to Be Sent ·············································1-31Setting Timers Regarding RADIUS Servers··················································································1-31Specifying a Security Policy Server·······························································································1-32Enabling the Listening Port of the RADIUS Client ········································································1-33