
cisco AAA Authentication.ppt

Cisco AAA Authentication

AAA Model

Authentication: Who are you?
- "I am user student and my password validateme proves it."

Authorization: What can you do? What can you access?
- "User student can access host serverXYZ using Telnet."
- "Assign an IP address and ACL to user student connecting through VPN."
- "When user student starts an EXEC session, assign privilege level 10."

Accounting: What did you do? How long and how often did you do it?
- "User student accessed host serverXYZ using Telnet for 15 minutes."
- "User student was connected to VPN for 25 minutes."
- "EXEC session of user student lasted 20 minutes and only show commands were executed."

Router Access Modes

AAA Protocols: RADIUS and TACACS+

RADIUS Authentication and Authorization

The example shows how the RADIUS exchange starts once the NAS has the username and password. The ACS can reply with an Access-Accept message, or with Access-Reject if authentication is not successful.

RADIUS Attributes

RADIUS messages contain zero or more attribute-value (AV) pairs, for example:
- User-Name
- User-Password (this is the only encrypted entity in RADIUS)
- CHAP-Password
- Service-Type
- Framed-IP-Address

There are approximately 50 standards-based attributes (RFC 2865). RADIUS allows proprietary attributes. Basic attributes are used for authentication purposes; most other attributes are used in the authorization process.

RADIUS Features

- Standard protocol (RFC 2865)
- Standard attributes can be augmented by proprietary attributes: Vendor-Specific Attribute 26 allows any TACACS+ attribute to be used over RADIUS
- Uses UDP on standard port numbers (1812 and 1813; Cisco Secure ACS uses 1645 and 1646 by default)
- Includes only two security features:
  - Encryption of passwords (MD5 encryption)
  - Authentication of packets (MD5 fingerprinting)
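The two RADIUS security features listed above, User-Password hiding and the MD5 Response Authenticator that the NAS checks on an Access-Accept or Access-Reject, worked through as an added example in Python following RFC 2865; this is not code from the slides or from Cisco, and the shared secret and Request Authenticator are constructed sample values. It shows why only the password is protected and why everything depends on the shared secret.

```python
import hashlib
import hmac
import struct

# Constructed sample values for the example: the NAS/ACS shared secret and the
# 16-byte Request Authenticator a NAS generates randomly per Access-Request.
SECRET = b"example-shared-secret"            # constructed, not a real secret
REQ_AUTH = bytes(range(16))                   # constructed; real NAS: os.urandom(16)

def avp(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute-value pair: Type, Length (incl. header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2 User-Password hiding: pad to a 16-octet multiple, then XOR
    each block with MD5(secret + previous block), chained from the Request
    Authenticator. Only this attribute is obscured; the rest is sent in the clear."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server (ACS) performs it."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")   # drop padding; NUL bytes inside passwords unsupported

def response_authenticator(code: int, ident: int, attrs: bytes,
                           req_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret),
    the 'MD5 fingerprint' a NAS checks on every Access-Accept/Reject (code 2/3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def verify_response(code: int, ident: int, attrs: bytes, resp_auth: bytes,
                    req_auth: bytes, secret: bytes) -> bool:
    """True only if the reply was built by a party holding the shared secret
    for this exact request; a forged or altered reply fails the check."""
    expected = response_authenticator(code, ident, attrs, req_auth, secret)
    return hmac.compare_digest(expected, resp_auth)
```

Both mechanisms are MD5 keyed only by the shared secret, so the strength of that secret and protection of the NAS-to-ACS path are what the slides' "two security features" actually rest on.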





