44 Security................................................................................................................................................... 724AAA Accounting............................................................................................................................................................. 724Configuration Task List for AAA Accounting........................................................................................................ 724AAA Authentication....................................................................................................................................................... 726Configuration Task List for AAA Authentication...................................................................................................727Obscuring Passwords and Keys................................................................................................................................... 729AAA Authorization......................................................................................................................................................... 729Privilege Levels Overview....................................................................................................................................... 730Configuration Task List for Privilege Levels.......................................................................................................... 730RADIUS........................................................................................................................................................................... 734RADIUS Authentication...........................................................................................................................................734Configuration Task List for RADIUS.......................................................................................................................736TACACS+........................................................................................................................................................................ 738Configuration Task List for TACACS+................................................................................................................... 738TACACS+ Remote Authentication.........................................................................................................................740Command Authorization.......................................................................................................................................... 741Protection from TCP Tiny and Overlapping Fragment Attacks................................................................................ 741Enabling SCP and SSH...................................................................................................................................................741Using SCP with SSH to Copy a Software Image.................................................................................................742Removing the RSA Host Keys and Zeroizing Storage ........................................................................................743Configuring When to Re-generate an SSH Key .................................................................................................. 743Configuring the SSH Server Key Exchange Algorithm........................................................................................744Configuring the HMAC Algorithm for the SSH Server....................................................................................... 744Configuring the SSH Server Cipher List............................................................................................................... 745Secure Shell Authentication....................................................................................................................................745Troubleshooting SSH............................................................................................................................................... 748Telnet............................................................................................................................................................................... 748VTY Line and Access-Class Configuration..................................................................................................................748VTY Line Local Authentication and Authorization................................................................................................749VTY Line Remote Authentication and Authorization...........................................................................................749VTY MAC-SA Filter Support.................................................................................................................................. 750Role-Based Access Control..........................................................................................................................................750Overview of RBAC................................................................................................................................................... 751User Roles.................................................................................................................................................................753AAA Authentication and Authorization for Roles.................................................................................................756Role Accounting....................................................................................................................................................... 759Display Information About User Roles...................................................................................................................76045 Service Provider Bridging........................................................................................................................ 762VLAN Stacking............................................................................................................................................................... 762Important Points to Remember..............................................................................................................................763Configure VLAN Stacking.......................................................................................................................................763Creating Access and Trunk Ports...........................................................................................................................764Enable VLAN-Stacking for a VLAN....................................................................................................................... 765Configuring the Protocol Type Value for the Outer VLAN Tag.......................................................................... 76524 Contents