2.1. Cisco Packet Tracer: Telnet access, AAA, RADIUS AAA server

2.2. RADIUS in Cisco Packet Tracer

2.3. Cisco IOS

Cisco IOS has two basic command modes. User EXEC mode shows the prompt Switch> (the > sign) and only allows basic information to be viewed. Privileged EXEC mode shows the prompt Switch# (the # sign) and is entered with the enable command. Protecting the transition into privileged mode with a password is done as follows:
Switch#configure terminal
Switch(config)#enable password cisco

The password set with enable password is stored in the running configuration (show run) in clear text:

Switch#show running-config | include enable password
enable password cisco

The service password-encryption command replaces it with a type 7 string:

Switch(config)#service password-encryption
Switch#show running-config | include enable password
enable password 7 0822455D0A16

Type 7 is a reversible encoding with a fixed, publicly known key, not a hash: anyone who can read the configuration can recover the password, so it only hides it from a casual glance. The enable secret command stores a salted MD5 hash instead (type 5):

Switch(config)#enable secret cisco
Switch#show running-config | include enable
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

The hash cannot be turned back into the password; at login the entered password is hashed with the same salt and compared with the stored value. If both enable password and enable secret are configured, the enable secret is used and the enable password is ignored (remove it with no enable password).
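The difference between the two storage formats above, as an added example that is not part of the lab manual: a type 7 decoder and an md5-crypt (type 5) checker in Python, run against the two strings shown in the running configuration. The type 7 key table is the one IOS has always used; the md5-crypt routine is the standard $1$ algorithm and is assumed to be what produced the Packet Tracer hash.

```python
"""Added example (not from the lab manual): why 'service password-encryption'
(type 7) is not a substitute for 'enable secret' (type 5).

Type 7 is a fixed-key XOR that anyone can reverse; type 5 is salted md5-crypt,
which can only be tested by recomputing the hash with the stored salt.
The sample values are the ones shown in the running-config above."""
import hashlib

# Fixed key used by the IOS type 7 encoding (public for decades).
_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Reverse a type 7 string: the first two characters are a decimal key
    offset, every following hex byte is XORed with the next key byte."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ _TYPE7_KEY[(offset + i) % len(_TYPE7_KEY)]
                 for i, b in enumerate(data)).decode()


_ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, n: int) -> bytes:
    """crypt(3)-style base64, least significant 6 bits first."""
    out = bytearray()
    for _ in range(n):
        out.append(_ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5_crypt(password: str, salt: str) -> str:
    """Classic md5-crypt ($1$), the algorithm behind IOS 'enable secret 5'."""
    pw, slt, magic = password.encode(), salt.encode(), b"$1$"
    ctx = hashlib.md5(pw + magic + slt)
    alt = hashlib.md5(pw + slt + pw).digest()
    for i in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, i)])
    i = len(pw)
    while i:                                   # one byte per bit of len(pw)
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for rnd in range(1000):                    # deliberate stretching
        c = hashlib.md5(pw if rnd & 1 else final)
        if rnd % 3:
            c.update(slt)
        if rnd % 7:
            c.update(pw)
        c.update(final if rnd & 1 else pw)
        final = c.digest()
    out = b""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    out += _to64(final[11], 2)
    return (magic + slt + b"$" + out).decode()


def check_secret(password: str, hashed: str) -> bool:
    """Verify a candidate password against an 'enable secret 5' value."""
    _, _, salt, _ = hashed.split("$")
    return md5_crypt(password, salt) == hashed


if __name__ == "__main__":
    print(type7_decode("0822455D0A16"))                         # cisco
    print(check_secret("cisco", "$1$mERr$hx5rVt7rPNoS4wqbXKX7m0"))   # True
```

Note that Packet Tracer always uses the salt mERr, so every "enable secret 5 $1$mERr$..." line in a lab configuration can be attacked with one precomputed dictionary; real devices pick a random salt, and newer IOS releases offer scrypt-based type 9 secrets (enable algorithm-type scrypt secret ...) that are far more expensive to brute-force than MD5.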
A local user account with the highest privilege level is created with:

Switch(config)#username admin privilege 15 secret cisco

IOS has privilege levels 0 to 15. Level 0 contains only the commands disable, enable, exit, help and logout; level 1 is user EXEC mode (prompt switch>); level 15 is privileged EXEC mode (prompt switch#). As with enable secret, the secret keyword stores the account password as a type 5 hash rather than in clear text (username ... password would store it in clear text or as type 7).
Console line with local authentication, without AAA:

Router#conf t
Router(config)#line console 0
Router(config-line)#login local

The login local command on the line makes the console ask for a username and password and check them against the local username database. Once aaa new-model is enabled, authentication on the lines is controlled by AAA method lists instead:

Router(config)#aaa new-model
Router(config)#aaa authentication login default local

The default method list is applied automatically to every line (console and vty) that has no named list assigned.
1. aaa new-model enables the AAA (Authentication, Authorization and Accounting) subsystem. Until it is entered, the line-level login and login local commands apply; after it, the AAA method lists do.

2. aaa authentication login defines the method list used to authenticate logins. The methods are tried in the order given (this ordered set is the method list):

   local                      local username database (user names matched case-insensitively)
   local-case                 local username database, user names case-sensitive
   enable                     the enable password or enable secret (enable {password | secret})
   line                       the password configured on the line itself
   none                       no authentication
   group {tacacs+ | radius}   all configured TACACS+ or RADIUS servers
   group {group-name}         a named server group of TACACS+ or RADIUS servers (aaa group server)

3. default is the name of the list. The default list applies on its own; any other name (list-name) creates a named list that must be assigned to a line with login authentication list-name.
4. local is the method: the default list above authenticates against the local database only. The default list is used by the console and vty lines unless a named list is assigned to them; under aaa new-model the line-level login and login local commands are no longer consulted.

VTY (virtual terminal) lines serve remote command line interface (CLI) sessions such as Telnet. Two ways to protect them:

1) A shared line password:

Router#conf t
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login

2) Authentication against the local username database:

Router#conf t
Router(config)#line vty 0 4
Router(config-line)#login local

With login local the user is asked for a username and password that must match a username entry. After aaa new-model is enabled, neither line-level login nor login local is used; the aaa authentication login lists apply instead.

Note the line range: many routers show five vty lines (vty 0 4), while switches such as the 2960 have sixteen (vty 0 15). Configure the whole range, otherwise the lines outside it keep whatever settings they had before.
AAA stands for Authentication, Authorization and Accounting. An AAA server is a central point that the network devices (AAA clients) consult, instead of every device keeping its own user database.

The three components of AAA:

- Authentication: establishing who the user is (username/password or other credentials).
- Authorization: what the authenticated user is allowed to do (for example, which privilege level or which commands).
- Accounting: recording what the user did and when (session start and stop, commands entered).

Two protocols are used between an AAA client and an AAA server: RADIUS and TACACS+.
RADIUS

RADIUS (Remote Authentication Dial-In User Service) is an open-standard AAA protocol. It runs over UDP: port 1812 for authentication and 1813 for accounting (older implementations use 1645 and 1646). Authentication and authorization are combined in one request/response exchange; only the User-Password attribute is masked with the shared key, the rest of the packet travels in clear text [3].

TACACS+

TACACS+ (Terminal Access Controller Access Control System Plus) is Cisco's proprietary protocol, developed from the original TACACS. It runs over TCP (port 49), encrypts the whole packet body with the shared key, and keeps authentication, authorization and accounting as separate operations, which allows per-command authorization. The usual TACACS+ server is Cisco Secure Access Control Server (ACS). The two protocols are compared in Table 2.3.1.

Table 2.3.1. RADIUS and TACACS+

                     RADIUS                                     TACACS+
Transport            UDP 1812/1645 (authentication),            TCP 49
                     1813/1646 (accounting)
Encryption           only the password attribute                the whole packet body
AAA functions        authentication and authorization in        authentication, authorization
                     one exchange, accounting separate          and accounting separate
Standard             open (RFC 2865/2866)                       Cisco proprietary
Typical use          network access (VPN, wireless, dial-in)    device administration
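What the shared key in a RADIUS exchange actually protects, as an added example that is not part of the lab manual: a minimal RFC 2865 Access-Request / Access-Accept exchange between the AAA client (the router) and the server, carried out in memory in Python so it runs offline. The User-Password masking and the Response Authenticator follow the RFC; the user name, password, key and NAS address are constructed values.

```python
"""Added example (not from the lab manual): one RFC 2865 Access-Request /
Access-Accept exchange between the AAA client (router) and a RADIUS server,
done in memory so it runs offline.  It shows what the shared key set with
'radius-server ... key' protects: the User-Password attribute is XOR-masked
with MD5(key + Request Authenticator), and the reply carries a Response
Authenticator that the client must verify before trusting it.
User name, password, key and NAS address are constructed values."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
SERVER_USERS = {"admin": "cisco"}               # constructed server-side database


def _attr(atype, value):
    """Type-Length-Value attribute; the length covers the 2-byte header."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def _parse_attrs(data):
    attrs, pos = {}, 0
    while pos < len(data):
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return attrs


def hide_password(password, key, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(key + previous block)."""
    padded = password + b"\0" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(key + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden, key, request_auth):
    """Inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(key + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\0")


def build_access_request(user, password, key, ident=0):
    """Client side.  Returns (packet, request_authenticator)."""
    request_auth = os.urandom(16)               # must be unpredictable per request
    attrs = (_attr(USER_NAME, user.encode())
             + _attr(USER_PASSWORD, hide_password(password.encode(), key, request_auth))
             + _attr(NAS_IP_ADDRESS, bytes([192, 168, 1, 1])))   # constructed NAS address
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return head + request_auth + attrs, request_auth


def serve(packet, key):
    """Server side: recover the password, decide, sign the reply."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth, attrs = packet[4:20], _parse_attrs(packet[20:length])
    user = attrs[USER_NAME].decode(errors="replace")
    password = reveal_password(attrs[USER_PASSWORD], key, request_auth).decode(errors="replace")
    reply_code = ACCESS_ACCEPT if SERVER_USERS.get(user) == password else ACCESS_REJECT
    head = struct.pack("!BBH", reply_code, ident, 20)      # no reply attributes
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Key)
    return head + hashlib.md5(head + request_auth + key).digest()


def client_login(user, password, key, server_key=None):
    """Whole exchange from the router's point of view."""
    request, request_auth = build_access_request(user, password, key)
    reply = serve(request, key if server_key is None else server_key)
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:length] + key).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "bad-signature"                  # wrong key or forged reply: discard it
    return "accept" if code == ACCESS_ACCEPT else "reject"


if __name__ == "__main__":
    print(client_login("admin", "cisco", b"constructed-key"))                        # accept
    print(client_login("admin", "wrong", b"constructed-key"))                        # reject
    print(client_login("admin", "cisco", b"constructed-key", server_key=b"other"))   # bad-signature
```

The User-Name and NAS-IP-Address attributes go over the wire unmasked, and the password mask is a stream derived from a 16-byte MD5 output, which is why the key should be long and random and why RADIUS is usually wrapped in IPsec or replaced by RadSec (RADIUS over TLS) outside a lab. The bad-signature case is exactly what happens when the key on the router and on the server differ: the router discards every reply and the server looks "unreachable".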
Configuring the router or switch as an AAA client of a RADIUS server:

1. Keep a local account for fallback access in case the RADIUS server becomes unreachable:

Router(config)#username admin privilege 15 secret cisco

2. Enable AAA:

Router(config)#aaa new-model

3. Define the RADIUS server and the shared key. The key must be identical on the server; it is what protects the exchange between AAA client and AAA server (the exact command syntax depends on the IOS version):

Router(config)#radius-server host <server-ip> key <shared-key>

4. Define the login method list. With

Router(config)#aaa authentication login default local

the method list is named default and has a single method, local: users are checked against the local database only. With

Router(config)#aaa authentication login default group radius local

the default list has two methods tried in order: group radius (all configured RADIUS servers) and then local. The local method is consulted only when no RADIUS server answers. If a RADIUS server answers with a rejection, the login fails and local is not tried, so the local account is a fallback for an unreachable server, not a second set of credentials.
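The method-list evaluation rule just described, as an added example that is not part of the lab manual: a small Python model of how IOS walks "aaa authentication login default group radius local", with constructed users and a RADIUS server that can be up or down. The PASS/FAIL/ERROR outcomes are the standard AAA method results; the user names, passwords and server states are assumptions.

```python
"""Added example (not from the lab manual): how IOS evaluates a method list
such as 'aaa authentication login default group radius local'.
Every method returns PASS, FAIL or ERROR; only ERROR (no server reachable)
hands over to the next method, so 'local' is reached when RADIUS is down and
never when RADIUS has rejected the user.  Users and servers are constructed."""
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"


class RadiusGroup:
    """'group radius': every configured server is tried until one answers."""

    def __init__(self, servers):
        self.servers = servers          # list of (reachable: bool, {user: password})

    def authenticate(self, user, password):
        for reachable, users in self.servers:
            if not reachable:
                continue                # timed out, ask the next server in the group
            return PASS if users.get(user) == password else FAIL
        return ERROR                    # no server answered at all


class Local:
    """'local': the device's own username database."""

    def __init__(self, users):
        self.users = users

    def authenticate(self, user, password):
        return PASS if self.users.get(user) == password else FAIL


class NoAuth:
    """'none': always succeeds; only defensible as a last-resort console method."""

    def authenticate(self, user, password):
        return PASS


def login(method_list, user, password):
    """Walk the list; stop at the first PASS or FAIL, fall through on ERROR."""
    for method in method_list:
        result = method.authenticate(user, password)
        if result != ERROR:
            return result
    return FAIL                         # every method errored: access denied


# Constructed setup for 'aaa authentication login default group radius local'
LOCAL_USERS = {"admin": "cisco"}        # username admin privilege 15 secret cisco
RADIUS_USERS = {"alice": "s3cret"}      # accounts known only to the RADIUS server


def scenario(radius_up: bool, user: str, password: str) -> str:
    method_list = [RadiusGroup([(radius_up, RADIUS_USERS)]), Local(LOCAL_USERS)]
    return login(method_list, user, password)


if __name__ == "__main__":
    print(scenario(True, "alice", "s3cret"))    # PASS  (RADIUS accepted)
    print(scenario(True, "admin", "cisco"))     # FAIL  (RADIUS up and rejected; local never tried)
    print(scenario(False, "admin", "cisco"))    # PASS  (RADIUS down, local fallback used)
```

The second case is the one that surprises people in the lab: with the RADIUS server reachable, the local admin account does not work at all, because a reject is a definite answer. Test the fallback by actually disconnecting or shutting down the server, not by entering a wrong password.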
2.4.

2.4.1.

The topology (Figure 2) consists of a Cisco 2960 switch, a Cisco 1841 router acting as the AAA client, and an AAA server.