AAA identity management security
Cisco's complete, authoritative guide to Authentication, Authorization, and Accounting (AAA) solutions with CiscoSecure ACS AAA solutions are very frequently used by customers to provide secure access to devices and networks AAA solutions are difficult and confusing to implement even though the...
| Otros Autores: | , , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
[Place of publication not identified]
Cisco Press
2011
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629118906719 |
Tabla de Contenidos:
- Cover
- Contents
- Introduction
- Chapter 1 Authentication, Authorization, Accounting (AAA)
- Authentication Overview
- Authentication Example
- Authorization Overview
- Authorization Example
- Accounting Overview
- Accounting Example
- Overview of RADIUS
- RADIUS in Detail
- RADIUS Operation
- RADIUS Encryption
- RADIUS Authentication and Authorization
- RADIUS Accounting
- Overview of TACACS+
- TACACS+ in Detail
- TACACS+ Communication
- TACACS+ Format and Header Values
- Encrypting TACACS+
- TACACS+ Operation
- TACACS+ and Authentication
- TACACS+ and Authorization
- TACACS+ Accounting
- Summary
- Chapter 2 Cisco Secure ACS
- Introduction to ACS
- Overview
- AAA Client-Server Framework
- Cisco Secure Access Control Server Release 4.2 Characteristics and Features
- Policy Model
- Platform
- Protocol Compliance
- Features Available
- Cisco Secure Access Control System Release 5.1 Characteristics and Features
- Policy Model
- Platform
- Protocol Compliance
- Functions and Features
- Installing Cisco Secure Access Control Server 4.2
- Installing Cisco Secure Access Control Server for Windows 4.2
- Installing Cisco Secure Access Control Server Solution Engine
- Initial Setup of Cisco Secure Access Control System 5.1
- Cisco Secure Access Control System Appliance 5.1
- Installing Cisco Secure Access Control System 5.1
- Installing Cisco Secure Access Control System 5.1 on VMware
- Licensing Model of Cisco Secure Access Control System 5.1
- Type of License
- Base License
- Add-on License
- Evaluation License
- Not-For-Resale (NFR) License
- Common Problems After Installation
- ACS Solution Engine Does Not Respond to Pings
- No Proper Cisco Secure Access Control Server GUI Access
- Remote Administration Access to Cisco Secure Access Control Server.
- ACS Folder Is Locked During Upgrade or Uninstall
- TACACS+/RADIUS Attributes Do Not Appear Under User/Group Setup
- Key Mismatch Error
- ACS Services Not Starting
- ACS 5.1 Install Failing on VMWare
- Summary
- Chapter 3 Getting Familiar with ACS 4.2
- The Seven Services of ACS
- CSAdmin
- CSAuth
- CSDBSync
- CSLog
- CSMon
- CSRadius
- CSTacacs
- The Grand Tour of the ACS Interface
- Administration Control
- Securing Access to ACS
- Network Configuration
- Network Access Profiles
- Interface Configuration
- TACACS+ Settings
- Advanced Options
- User Setup: Managing Users
- Customizing User Attributes
- Group Setup: Managing User Groups
- System Configuration
- Shared Profile Components
- External User Databases
- Reports and Activity
- Summary
- Chapter 4 Getting Familiar with ACS 5.1
- My Workspace
- Welcome Page
- Task Guide
- My Account
- Network Resources
- Network Device Groups
- Network Devices and AAA Clients
- Default Network Device
- External RADIUS Servers
- Users and Identity Stores
- Identity Groups
- Adding a User in the Internal Identity Store
- Adding a Host in the Internal Identity Store
- Policy Elements
- Session Conditions: Date and Time
- Session Conditions: Custom
- Session Conditions: End Station Filters
- Session Conditions: Device Filters
- Session Conditions: Device Port Filters
- Access Policies
- Service Selection Rules
- Access Services
- Creating an Access Service
- Configuring Identity Policy
- Configuring Authorization Policy
- Creating Service Selection Rules
- Monitoring and Reports
- ACS 5.1 Command-Line Interface (CLI)
- Summary
- Chapter 5 Configuring External Databases (Identity Stores) with ACS
- External Databases/Identity Stores
- External Databases/Identity Stores in Cisco Secure Access Control Server 4.2.
- External Databases/Identity Stores in Cisco Secure Access Control System 5.1
- Configuring Active Directory
- Active Directory Configuration on Cisco Secure Access Control Server 4.2
- Active Directory Configuration on Cisco Secure Access Control System 5.1
- Configuring LDAP
- LDAP Configuration on Cisco Secure Access Control Server 4.2
- Domain Filtering
- Common LDAP Configuration
- Primary and Secondary LDAP Server
- LDAP Configuration on Cisco Secure Access Control System 5.1
- Configuring RSA SecureID
- RSA SecureID Configuration on Cisco Secure Access Control Server 4.2
- RSA SecureID Configuration on Cisco Secure Access Control System 5.1
- Group Mapping
- Group Mapping on Cisco Secure Access Control Server 4.2
- Group Mapping on Cisco Secure Access Control System 5.1
- Group Mapping with LDAP Identity Stores
- Group Mapping with AD Identity Stores
- Group Mapping with RADIUS Identity Stores
- Group Mapping Conditions for LDAP, AD, and RADIUS Identity Databases
- Summary
- Chapter 6 Administrative AAA on IOS
- Local Database
- Privilege Levels
- Lab Scenario #1: Local Authentication and Privilege Levels
- Lab Setup
- Lab Solution
- Lab Verification
- Using AAA
- Configuring Authentication on IOS Using AAA
- Configuring ACS 4.2 and 5.1 for Authentication
- Verifying and Troubleshooting Authentication
- Authorization of Administrative Sessions
- Configuring ACS 4.2 and 5.1 for EXEC Authorization
- Verifying and Troubleshooting EXEC Authorization
- Command Authorization
- Configuring ACS 4.2 and 5.1 for Command Authorization
- Verifying and Troubleshooting Command Authorization
- Accounting of Administrative Sessions
- Configuring ACS for Accounting
- Lab Scenario #2: Authentication, Authorization, and Accounting of Administrative Sessions Using TACACS+
- Lab Setup
- Lab Solution
- Lab Verification.
- Lab Scenario #3: Authentication and Authorization of HTTP Sessions
- Lab Setup
- Lab Solution
- Lab Verification
- Summary
- Chapter 7 Administrative AAA on ASA/PIX
- Local Database
- Privilege Levels
- Lab Scenario #4: Local Authentication and Privilege Levels on ASA
- Lab Setup
- Lab Solution
- Lab Verification
- Using AAA
- Configuring Authentication on ASA Using AAA
- Configuring ACS 4.2 and 5.1 for Authentication
- Verifying and Troubleshooting Authentication
- Authorization of Administrative Sessions
- Configuring ACS 4.2 and 5.1 for EXEC Authorization
- Verifying and Troubleshooting EXEC Authorization
- Command Authorization
- Accounting of Administrative Sessions and Commands
- Lab Scenario #5: Authentication, Authorization and Accounting of Administrative Sessions on ASA using TACACS+
- Lab Setup
- Lab Solution
- Lab Verification
- Summary
- Chapter 8 IOS Switches
- Introduction to 802.1X, EAP, and EAPOL
- EAP
- EAPOL
- Message Exchange in 802.1X
- EAP Types
- PEAPv0/EAP-MSCHAPv2
- PEAPv1/EAP-GTC
- EAP Authentication Type Summary
- 802.1X Configuration on a Cisco Switch
- 802.1X Host Modes
- Single-Host Mode
- Multiple-Host Mode
- Multidomain Authentication Mode
- Pre-Authentication Open Access
- Multiauthentication Mode
- 802.1X Authentication Features
- Guest VLAN
- Restricted/Authentication Failed VLAN
- MAC Authentication Bypass
- VLAN Assignment
- 802.1X Timers
- Quiet Period
- Switch-to-Client Retransmission Time (tx-period)
- Switch-to-Client Retransmission Time for EAP-Request Frames (supp-timeout)
- Switch-to-Authentication-Server Retransmission Time for Layer 4 Packets (server-timeout)
- Switch-to-Client Frame Retransmission Number (max-reauth-req)
- Configuring Accounting
- Certificate Installation on ACS
- Certificate Installation on ACS 4.2.
- Certificate Installation on ACS 5.1
- Configuring EAP-MD5 on ACS
- EAP-MD5 Configuration on ACS 4.2
- EAP-MD5 Configuration on ACS 5.1
- Configuring PEAP on ACS
- PEAP Configuration on ACS 4.2
- PEAP Configuration on ACS 5.1
- Configuring EAP-TLS on ACS
- EAP-TLS Configuration on ACS 4.2
- EAP-TLS Configuration on ACS 5.1
- Dynamic VLAN Assignment: ACS Configuration
- Dynamic VLAN Assignment for ACS 4.2
- Dynamic VLAN Assignment for ACS 5.1
- Lab Scenario #7: Configuring Switch, ACS, and Windows XP for 802.1X Authentication Using EAP-MD5
- Lab Setup
- Lab Solution
- ACS 4.2 Configuration Requirement
- ACS 5.1 Configuration Requirement
- Switch Configuration Requirements
- Client Configuration Requirements
- Lab Scenario #8: Configuring Switch, ACS, and Windows XP for 802.1X Authentication Using PEAP
- Lab Solution
- Lab Scenario #9: Configuring Switch, ACS, and Windows XP for 802.1X Authentication Using EAP-TLS
- Lab Solution
- Useful show Commands
- Troubleshooting 802.1X
- Summary
- Chapter 9 Access Points
- Configuring Wireless NAS for 802.1X Authentication on an AP
- Configuring Wireless NAS for 802.1X Authentication on a WLC
- Configuring ACS 4.2 for LEAP
- Configuring ACS 5.1 for LEAP
- Configuring ACS 4.2 for EAP-FAST
- Configuring ACS 5.1 for EAP-FAST
- Lab Scenario #10: Configure WLC, ACS and Cisco Secure Services Client for 802.1X Authentication Using LEAP
- Lab Setup
- Lab Solution
- ACS 4.2 Configuration Requirements
- ACS 5.1 Configuration Requirements
- WLC Configuration Requirements
- Client Configuration Requirements
- Lab Scenario #11: Configure WLC, ACS, and Cisco Secure Services Client for 802.1X Authentication Using EAP-FAST
- Lab Solution
- ACS 4.2 Configuration Requirements
- ACS 5.1 Configuration Requirements
- Client Configuration Requirements
- Troubleshooting 802.1X
- Summary.
- Chapter 10 Cut-Through Proxy AAA on PIX/ASA.
