0% found this document useful (0 votes)

44 views30 pages

18-Security Configuration

The document discusses AAA configuration, RADIUS configuration, and web authentication configuration. It provides an overview of AAA including the principles and configuration process. It then details the tasks for configuring AAA authentication, authorization, and accounting. Next, it covers RADIUS concepts and configuration including communication and attributes. It concludes with an overview of web authentication and its configuration including global, interface, and monitoring settings.

Uploaded by

den02kost

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

44 views30 pages

18-Security Configuration

Uploaded by

den02kost

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 30

Security Configuration

Table of Contents

Table of Contents
Chapter 1 AAA Configuration ............................................................................................................................................... 1
1.1 AAA Overview........................................................................................................................................................ 1
1.1.1 AAA Security Service................................................................................................................................. 1
1.1.2 Benefits of Using AAA ............................................................................................................................... 2
1.1.3 AAA Principles........................................................................................................................................... 2
1.1.4 Method Lists.............................................................................................................................................. 2
1.2 AAA Configuration Process ................................................................................................................................... 3
1.2.1 Overview of the AAA Configuration Process ............................................................................................. 3
1.3 AAA Authentication Configuration Task List........................................................................................................... 4
1.4 AAA Authentication Configuration Task ................................................................................................................. 4
1.4.1 Configuring Login Authentication Using AAA ............................................................................................ 4
1.4.2 Enabling Password Protection at the Privileged Level .............................................................................. 6
1.4.3 Configuring Message Banners for AAA Authentication ............................................................................. 6
1.4.4 AAA authentication username-prompt....................................................................................................... 7
1.4.5 AAA authentication password-prompt ....................................................................................................... 7
1.4.6 Establishing Username Authentication...................................................................................................... 8
1.4.7 Enabling password.................................................................................................................................... 8
1.5 AAA Authentication Configuration Example........................................................................................................... 9
1.6 AAA Authorization Configuration Task List............................................................................................................. 9
1.7 AAA Authorization Configuration Task ................................................................................................................... 9
1.7.1 Configuring EXEC Authorization using AAA............................................................................................ 10
1.8 AAA Authorization Example................................................................................................................................. 11
1.9 AAA Accounting Configuration Task List.............................................................................................................. 11
1.10 AAA Accounting Configuration Task .................................................................................................................. 11
1.10.1 Configuring Accounting Connection using AAA..................................................................................... 12
1.10.2 Configuring Network Accounting using AAA.......................................................................................... 12
1.10.3 AAA accounting update ......................................................................................................................... 13
1.10.4 AAA accounting suppress null-username.............................................................................................. 13
Chapter 2 Configuing RADIUS ........................................................................................................................................... 14
2.1 Introduction.......................................................................................................................................................... 14
2.1.1 RADIUS Introduction............................................................................................................................... 14
2.1.2 RADIUS Operation.................................................................................................................................. 15
2.2 RADIUS Configuration Task List.......................................................................................................................... 15
2.3 RADIUS Configuration Task List.......................................................................................................................... 16
2.4 RADIUS Configuration Task ................................................................................................................................ 16
2.4.1 Configuring Switch to RADIUS Server Communication .......................................................................... 16
2.4.2 Configuring Switch to Use Vendor-Specific RADIUS Attributes .............................................................. 17
2.4.3 Specifying RADIUS Authentication.......................................................................................................... 17
2.4.4 Specifying RADIUS Authorization ........................................................................................................... 17
2.4.5 Specifying RADIUS Accounting............................................................................................................... 17
2.5 RADIUS Configuration Examples........................................................................................................................ 18

-I-
Table of Contents

2.5.1 RADIUS Authentication and Authorization Example ............................................................................... 18

Chapter 3 Web Authentication Configuration ..................................................................................................................... 19
3.1 Overview.............................................................................................................................................................. 19
3.1.1 Web Authentication ................................................................................................................................. 19
3.1.2 Planning Web Authentication .................................................................................................................. 21
3.2 Configuring Web Authentication .......................................................................................................................... 22
3.2.1 Global Configuration................................................................................................................................ 22
3.2.2 Interface Configuration............................................................................................................................ 24
3.2.3 Enabling Web Authentication .................................................................................................................. 24
3.3 Monitoring and Maintaining Web Authentication ................................................................................................. 25
3.3.1 Checking the Global Configuration.......................................................................................................... 25
3.3.2 Checking Interface Configuration............................................................................................................ 25
3.3.3 Checking User State ............................................................................................................................... 25
3.3.4 Mandatorily Kicking Out Users................................................................................................................ 25
3.4 Web Authentication Configuration Example ........................................................................................................ 25

- II -
Security Configuration

Chapter 1 AAA Configuration

1.1 AAA Overview

Access control is the way to control access to the network and services.
Authentication, authorization, and accounting (AAA) network security services provide
the primary framework through which you set up access control on your router or
access server.

1.1.1 AAA Security Service

AAA is an architectural framework for configuring a set of three independent security

functions in a consistent manner. AAA provides a modular way of performing the
following services:
• Authentication—Provides the method of identifying users, including login and
password dialog, challenge and response, messaging support, and, depending on the
security protocol you select, encryption.
Authentication is the way a user is identified prior to being allowed access to the
network and network services. You configure AAA authentication by defining a named
list of authentication methods, and then applying that list to various interfaces. The
method list defines the types of authentication to be performed and the sequence in
which they will be performed; it must be applied to a specific interface before any of the
defined authentication methods will be performed. The only exception is the default
method list (which is named "default"). The default method list is automatically applied
to all interfaces if no other method list is defined. A defined method list overrides the
default method list.
All authentication methods, except for local, line password, and enable authentication,
must be defined through AAA. For information about configuring all authentication
methods, including those implemented outside of the AAA security services, refer to the
chapter "Configuring Authentication."
• Authorization—Provides the method for remote access control, including one-time
authorization or authorization for each service, per-user account list and profile, user
group support, and support of IP, IPX, ARA, and Telnet.
AAA authorization works by assembling a set of attributes that describe what the user
is authorized to perform. These attributes are compared to the information contained in
a database for a given user and the result is returned to AAA to determine the user's
actual capabilities and restrictions. The database can be located locally on the access
server or router or it can be hosted remotely on a RADIUS or TACACS+ security server.
Remote security servers, such as RADIUS and TACACS+, authorize users for specific
rights by associating attribute-value (AV) pairs, which define those rights with the
appropriate user. All authorization methods must be defined through AAA.
As with authentication, you configure AAA authorization by defining a named list of
authorization methods, and then applying that list to various interfaces. For information
about configuring authorization using AAA, refer to the chapter "Configuring
Authorization."
• Accounting—Provides the method for collecting and sending security server
information used for billing, auditing, and reporting, such as user identities, start and

-1-
Security Configuration

stop times, executed commands (such as PPP), number of packets, and number of
bytes.
Accounting enables you to track the services users are accessing as well as the
amount of network resources they are consuming. When AAA accounting is activated,
the network access server reports user activity to the RADIUS or TACACS+ security
server (depending on which security method you have implemented) in the form of
accounting records. Each accounting record is comprised of accounting AV pairs and is
stored on the access control server. This data can then be analyzed for network
management, client billing, and/or auditing. All accounting methods must be defined
through AAA. As with authentication and authorization, you configure AAA accounting
by defining a named list of accounting methods, and then applying that list to various
interfaces. For information about configuring accounting using AAA, refer to the chapter
"Configuring Accounting."

1.1.2 Benefits of Using AAA

AAA provides the following benefits:

z • Increased flexibility and control of access configuration

z • Scalability

z • Standardized authentication methods, such as RADIUS, TACACS+, and

Kerberos

z • Multiple backup systems

1.1.3 AAA Principles

AAA is designed to enable you to dynamically configure the type of authentication and
authorization you want on a per-line (per-user) or per-service (for example, IP, IPX, or
VPDN) basis. You define the type of authentication and authorization you want by
creating method lists, then applying those method lists to specific services or
interfaces.

1.1.4 Method Lists

A method list is a sequential list that defines the authentication methods used to
authenticate a user. Method lists enable you to designate one or more security
protocols to be used for authentication, thus ensuring a backup system for
authentication in case the initial method fails. Cisco IOS software uses the first method
listed to authenticate users; if that method does not respond, Cisco IOS software
selects the next authentication method in the method list. This process continues until
there is successful communication with a listed authentication method or the
authentication method list is exhausted, in which case authentication fails.

The software attempts authentication with the next listed authentication method only
when there is no response from the previous method. If authentication fails at any
point in this cycle—meaning that the security server or local username database
responds by denying the user access—the authentication process stops and no other
authentication methods are attempted. The following figures shows a typical AAA
network configuration that includes four security servers: R1 and R2 are RADIUS
servers, and T1 and T2 are TACACS+ servers.

-2-
Security Configuration

Figure 1-1 Typical AAA Network Configuration

Suppose the system administrator has defined a method list where R1 will be
contacted first for authentication information, then R2, T1, T2, and finally the local
username database on the access server itself. When a remote user attempts to dial in
to the network, the network access server first queries R1 for authentication
information. If R1 authenticates the user, it issues a PASS response to the network
access server and the user is allowed to access the network. If R1 returns a FAIL
response, the user is denied access and the session is terminated. If R1 does not
respond, then the network access server processes that as an ERROR and queries R2
for authentication information. This pattern continues through the remaining designated
methods until the user is either authenticated or rejected, or until the session is
terminated. If all of the authentication methods return errors, the network access server
will process the session as a failure, and the session will be terminated.

A FAIL response is significantly different from an ERROR. A FAIL means that the user
has not met the criteria contained in the applicable authentication database to be
successfully authenticated. Authentication ends with a FAIL response. An ERROR
means that the security server has not responded to an authentication query. Because
of this, no authentication has been attempted. Only when an ERROR is detected will
AAA select the next authentication method defined in the authentication method list.

1.2 AAA Configuration Process

You must first decide what kind of security solution you want to implement. You need to
assess the security risks in your particular network and decide on the appropriate
means to prevent unauthorized entry and attack.

1.2.1 Overview of the AAA Configuration Process

Configuring AAA is relatively simple after you understand the basic process involved.
To configure security on a Cisco router or access server using AAA, follow this
process:

z If you decide to use a separate security server, configure security protocol

parameters, such as RADIUS, TACACS+, or Kerberos.

z Define the method lists for authentication by using an AAA authentication command.

-3-
Security Configuration

z Apply the method lists to a particular interface or line, if required.

z (Optional) Configure authorization using the aaa authorization command.

z (Optional) Configure accounting using the aaa accounting command.

1.3 AAA Authentication Configuration Task List

z Configuring Login Authentication Using AAA

z Configuring PPP Authentication Using AAA

z Enabling Password Protection at the Privileged Level

z Configuring Message Banners for AAA Authentication

z AAA authentication username-prompt

z AAA authentication password-prompt

z Establishing Username Authentication

z Enabling Password

1.4 AAA Authentication Configuration Task

To configure AAA authentication, perform the following configuration processes：

(1) If you decide to use a separate security server, configure security protocol
parameters, such as RADIUS, TACACS+, or Kerberos.

(2) Define the method lists for authentication by using an AAA authentication
command.

(3) Apply the method lists to a particular interface or line, if required.

1.4.1 Configuring Login Authentication Using AAA

The AAA security services facilitate a variety of login authentication methods. Use the
aaa authentication login command to enable AAA authentication no matter which of the
supported login authentication methods you decide to use. With the aaa authentication
login command, you create one or more lists of authentication methods that are tried at
login. These lists are applied using the login authentication line configuration
command.

To configure login authentication by using AAA, use the following commands beginning
in global configuration mode:

command purpose

aaa authentication login {default |

Enables AAA globally.
list-name}method1 [method2...]

-4-
Security Configuration

Enters line configuration mode for the lines

line [ console | vty ] line-number
to which you want to apply the
[ending-line-number]
authentication list.

Applies the authentication list to a line or set of

The list-name is a character string used to name the list you are creating. The method
argument refers to the actual method the authentication algorithm tries. The additional
methods of authentication are used only if the previous method returns an error, not if
it fails. To specify that the authentication should succeed even if all methods return an
error, specify none as the final method in the command line.

For example, to specify that authentication should succeed even if (in this example)
the TACACS+ server returns an error, enter the following command:
aaa authentication login default group radius

Note：

Because the none keyword enables any user logging in to successfully authenticate, it should be used
only as a backup method of authentication.

The following table lists the supported login authentication methods.：

Keyword description
enable Uses the enable password for authentication.

group name Uses named server group for authentication.

group radius Uses the list of all RADIUS servers for authentication.

line Uses the line password for authentication.

local Uses the local username database for authentication.

local-case Uses case-sensitive local username authentication.

none Uses no authentication.

(1) Login Authentication Using Enable Password

Use the aaa authentication login command with the enable method keyword to
specify the enable password as the login authentication method. For example, to
specify the enable password as the method of user authentication at login when
no other method list has been defined, enter the following command:
aaa authentication login default enable

(2) Login Authentication Using Line Password

Use the aaa authentication login command with the line method keyword to
specify the line password as the login authentication method. For example, to
specify the line password as the method of user authentication at login when no
other method list has been defined, enter the following command:
aaa authentication login default line
Before you can use a line password as the login authentication method, you
need to define a line password.
(3) Login Authentication Using Local Password
Use the aaa authentication login command with the local method keyword to
specify that the Cisco router or access server will use the local username

-5-
Security Configuration

database for authentication. For example, to specify the local username

database as the method of user authentication at login when no other method
list has been defined, enter the following command:
aaa authentication login default local
For information about adding users into the local username database, refer to
the section "Establishing Username Authentication" in this chapter.
(4) Login Authentication Using Group RADIUS
Use the aaa authentication login command with the group radius method to
specify RADIUS as the login authentication method. For example, to specify
RADIUS as the method of user authentication at login when no other method list
has been defined, enter the following command:
aaa authentication login default group radius
Before you can use RADIUS as the login authentication method, you need to
enable communication with the RADIUS security server. For more information
about establishing communication with a RADIUS server, refer to the chapter
"Configuring RADIUS."

1.4.2 Enabling Password Protection at the Privileged Level

Use the aaa authentication enable default command to create a series of

authentication methods that are used to determine whether a user can access the
privileged EXEC command level. You can specify up to four authentication methods.
The additional methods of authentication are used only if the previous method returns
an error, not if it fails. To specify that the authentication should succeed even if all
methods return an error, specify none as the final method in the command line.

Use the following command in global configuration mode:

command purpose
aaa authentication enable default Enables user ID and password checking for
method1 [method2...] users requesting privileged EXEC level.

The method argument refers to the actual list of methods the authentication algorithm
tries, in the sequence entered.

The following table lists the supported enable authentication methods.

Keyword Description
enable Uses the enable password for authentication.

Uses a subset of RADIUS or TACACS+ servers for authentication as defined

group group-name
by the aaa group server radius or aaa group server tacacs+ command.

group radius Uses the list of all RADIUS hosts for authentication.

line Uses the line password for authentication.

none Uses no authentication.

1.4.3 Configuring Message Banners for AAA Authentication

AAA supports the use of configurable, personalized login and failed-login banners. You
can configure message banners that will be displayed when a user logs in to the
system to be authenticated using AAA and when, for whatever reason, authentication
fails.
-6-
Security Configuration

Configuring a Login Banner

To configure a banner that will be displayed whenever a user logs in (replacing the
default message for login), use the following commands in global configuration mode:：

command purpose
aaa authentication banner delimiter
Creates a personalized login banner.
text-string delimiter

Configuring a Failed-Login Banner

To configure a message that will be displayed whenever a user fails login (replacing
the default message for failed login), use the following commands in global
configuration mode:：

command purpose
aaa authentication fail-message delimiter Creates a message to be displayed when a
text-string delimiter user fails login.

Instruction

To create a login banner, you need to configure a delimiting character, which notifies
the system that the following text string is to be displayed as the banner, and then the
text string itself. The delimiting character is repeated at the end of the text string to
signify the end of the banner. The delimiting character can be any single character in
the extended ASCII character set, but once defined as the delimiter, that character
cannot be used in the text string making up the banner.

1.4.4 AAA authentication username-prompt

To change the text displayed when users are prompted to enter a username, use the
aaa authentication username-prompt command in global configuration mode. To return
to the default username prompt text, use the no form of this command. username：

The aaa authentication username-prompt command does not change any dialog that
is supplied by a remote TACACS+ server. Use the following command to configure in
global configuration mode：

command purpose
aaa authentication username-prompt String of text that will be displayed when the
text-string user is prompted to enter an username.

1.4.5 AAA authentication password-prompt

To change the text displayed when users are prompted for a password, use the aaa
authentication password-prompt command in global configuration mode. To return to
the default password prompt text, use the no form of this command.

password：

-7-
Security Configuration

The aaa authentication password-prompt command does not change any dialog that is
supplied by a remote TACACS+ server. Use the following command to configure in
global configuration mode：

command purpose
aaa authentication password-prompt String of text that will be displayed when the
text-string user is prompted to enter a password.

1.4.6 Establishing Username Authentication

You can create a username-based authentication system, which is useful in the

following situations:

• To provide a TACACS-like username and encrypted password-authentication system

for networks that cannot support TACACS

• To provide special-case logins: for example, access list verification, no password

verification, autocommand execution at login, and "no escape" situations

To establish username authentication, use the following commands in global

configuration mode as needed for your system configuration:

Use the no form of this command to delete a username.

username name {nopassword | password password | password encryption-type

encrypted-password}

username name [autocommand command]

username name [callback-dialstring telephone-number]

username name [callback-rotary rotary-group-number]

username name [callback-line [tty | aux] line-number [ending-line-number]]

username name [noescape] [nohangup]

username name [privilege level]

username name [user-maxlinks number]

no username name

1.4.7 Enabling password

To set a local password to control access to various privilege levels, use the enable
password command in global configuration mode. To remove the password
requirement, use the no form of this command.

enable password { [encryption-type] encrypted-password} [level level]

no enable password [level level]

-8-
Security Configuration

1.5 AAA Authentication Configuration Example

1. RADIUS Authentication Example

This section provides one sample configuration using RADIUS.

The following example shows how to configure the switch to authenticate and
authorize using RADIUS:
aaa authentication login radius-login group radius local
aaa authorization network radius-network radius
line vty
login authentication radius-login

The lines in this sample RADIUS authentication and authorization configuration are
defined as follows:：

z The aaa authentication login radius-login radius local command configures the
router to use RADIUS for authentication at the login prompt. If RADIUS returns
an error, the user is authenticated using the local database.

z The aaa authentication ppp radius-ppp radius command configures the software
to use PPP authentication using CHAP or PAP if the user has not already logged
in. If the EXEC facility has authenticated the user, PPP authentication is not
performed.

z The aaa authorization network radius-network radius command command

queries RADIUS for network authorization, address assignment, and other
access lists.

z The login authentication radius-login command enables the radius-login method

list for line 3.

1.6 AAA Authorization Configuration Task List

z Configuring EXEC Authorization using AAA

1.7 AAA Authorization Configuration Task

To configure AAA authorization, perform the following configuration processes：

(1) If you decide to use a separate security server, configure security protocol
parameters, such as RADIUS, TACACS+, or Kerberos.

(2) Define the method lists for authorization by using an AAA authorization
command.

(3) Apply the method lists to a particular interface or line, if required.

-9-
Security Configuration

1.7.1 Configuring EXEC Authorization using AAA

Use the aaa authorization command to enable authorization

Use aaa authorization exec command to run authorization to determine if the user is
allowed to run an EXEC shell. This facility might return user profile information such as
autocommand information.

Use line configuration command login authorization to apply these lists. Use the
following command in global configuration mode:

command purpose

aaa authorization exec {default |

Establishes global authorization list.
list-name}method1 [method2...]

Enters the line configuration mode for the

line [console | vty ] line-number
lines to which you want to apply the
[ending-line-number]
authorization method list.

Applies the authorization list to a line or set

The keyword list-name is the character string used to name the list of authorization
methods.

The keyword method specifies the actual method during authorization process.
Method lists enable you to designate one or more security protocols to be used for
authorization, thus ensuring a backup system in case the initial method fails. The
system uses the first method listed to authorize users for specific network services; if
that method fails to respond, the system selects the next method listed in the method
list. This process continues until there is successful communication with a listed
authorization method, or all methods defined are exhausted. If all specified methods
fail to respond, and you still want the system to enter the EXEC shell, you should
specify none as the last authorization method in command line.

Use default parameter to establish a default list, and the default list will apply to all
interfaces automatically. For example, use the following command to specify radius
as the default authorization method for exec:
aaa authorization exec default group radius

Note：

If no method list is defined, the local authorization service will be unavailable and the authorization is
allowed to pass..

The following table lists the currently supported EXEC authorization mode：

keyword description
group WORD Uses a named server group for authorization.

group radius Uses radius authorization.

local Uses the local database for authorization.

Allows the user to access the requested function if the user is

if-authenticated
authenticated.

none No authorization is performed.

- 10 -
Security Configuration

1.8 AAA Authorization Example

1. EXEC local authorization example

aaa authentication login default local

aaa authorization exec default local
!
username exec1 password 0 abc privilege 15
username exec2 password 0 abc privilege 10
username exec3 nopassword
username exec4 password 0 abc user-maxlinks 10
username exec5 password 0 abc autocommand telnet 172.16.20.1
!

The lines in this sample RADIUS authorization configuration are defined as follows:：

z The aaa authentication login default local command defines the default method
list of login authentication. This method list applies to all login authentication
servers automatically.

z The aaa authorization exec default local command defines default method list of
exec authorization. The method list automatically applies to all users that need
to enter exec shell.

z Username is exec1，login password is abc，EXEC privileged level is 15(the

highest level)，that is, when user exec1 whose privileged level is 15 logs in exec
shell, all commands can be checked and performed.

z Username is exec2，login password is abc，EXEC privileged level is 10，that is,

when user exec2 whose privileged level is 10 logs in EXEC shell, commands
with privileged level less than 10 can be checked and performed.

z Username is exec3，no password is needed for login.

z Username is exec4，login password is abc，the maximum links of the user is 10.

z Username is exec5，login password is abc, user performs telnet 172.16.20.1

immediately when logging in exec shell.

1.9 AAA Accounting Configuration Task List

z Configuring Connection Accounting using AAA

z Configuring Network Accounting using AAA

1.10 AAA Accounting Configuration Task

To configure AAA accounting, perform the following configuration processes：

- 11 -
Security Configuration

(1) If you decide to use a separate security server, configure security protocol
parameters, such as RADIUS, TACACS+, or Kerberos.

(2) Define the method lists for accounting by using an AAA accounting command.

(3) Apply the method lists to a particular interface or line, if required.

1.10.1 Configuring Accounting Connection using AAA

Use the aaa accounting command to enable AAA accounting.

To create a method list to provide accounting information about all outbound

connections made from the network access server, use the aaa accounting connection
command.

command purpose
aaa accounting connection {default |
list-name} {start-stop | stop-only | none} Establishes global accounting list.
group groupname

The keyword list-name is used to name any character string of the establishing list.
The keyword method specifies the actual method adopted during accounting process.

The following table lists currently supported connection accounting methods：

keyword description
group WORD Enables named server group for accounting.

group radius Enables radius accounting.

none Disables accounting services for the specified line or interface.

Sends a "stop" record accounting notice at the end of the requested user
stop-only
process.

RADIUS or TACACS+ sends a "start" accounting notice at the beginning of

start-stop the requested process and a "stop" accounting notice at the end of the
process.

1.10.2 Configuring Network Accounting using AAA

Use the aaa accounting command to enable AAA accounting.

To create a method list to provide accounting information for SLIP, PPP, NCPs, and
ARAP sessions, use the aaa accounting network command in global configuration
mode.

command purpose
aaa accounting network {default |
list-name} {start-stop | stop-only | none} Enables global accounting list.
group groupname

The keyword list-name is used to name any character string of the establishing list.
The keyword method specifies the actual method adopted during accounting process.

The following table lists currently supported network accounting methods：

- 12 -
Security Configuration

keyword description
group WORD Enables named server group for accounting.

group radius Enables radius accounting.

none Disables accounting services for the specified line or interface.

Sends a "stop" record accounting notice at the end of the requested user
stop-only
process.

RADIUS or TACACS+ sends a "start" accounting notice at the beginning of

start-stop the requested process and a "stop" accounting notice at the end of the
process.

1.10.3 AAA accounting update

To enable periodic interim accounting records to be sent to the accounting server, use
the aaa accounting update command in global configuration mode. To disable interim
accounting updates, use the no form of this command.

Command purpose

aaa accounting update [newinfo]

Enables AAA accounting update.
[periodic number]

If the newinfo keyword is used, interim accounting records will be sent to the
accounting server every time there is new accounting information to report. An
example of this would be when IP Control Protocol (IPCP) completes IP address
negotiation with the remote peer. The interim accounting record will include the
negotiated IP address used by the remote peer.

When used with the periodic keyword, interim accounting records are sent periodically
as defined by the argument number. The interim accounting record contains all of the
accounting information recorded for that user up to the time the accounting record is
sent.

When using both the newinfo and periodic keywords, interim accounting records are
sent to the accounting server every time there is new accounting information to report,
and accounting records are sent to the accounting server periodically as defined by the
argument number. For example, if you configure the aaa accounting update newinfo
periodic number command, all users currently logged in will continue to generate
periodic interim accounting records while new users will generate accounting records
based on the newinfo algorithm.

1.10.4 AAA accounting suppress null-username

To prevent the AAA system from sending accounting records for users whose
username string is NULL, use the aaa accounting suppress null-username command
in global configuration mode. To allow sending records for users with a NULL
username, use the no form of this command.

z aaa accounting suppress null-username

- 13 -
Security Configuration

Chapter 2 Configuing RADIUS

This chapter describes the Remote Authentication Dial-In User Service (RADIUS)
security system, defines its operation, and identifies appropriate and inappropriate
network environments for using RADIUS technology. The "RADIUS Configuration Task
List" section describes how to configure RADIUS with the authentication, authorization,
and accounting (AAA) command set.

2.1 Introduction

2.1.1 RADIUS Introduction

RADIUS is a distributed client/server system that secures networks against

unauthorized access. In the implementation, RADIUS clients run on switches and send
authentication requests to a central RADIUS server that contains all user
authentication and network service access information.

RADIUS has been implemented in a variety of network environments that require high
levels of security while maintaining network access for remote users.

Use RADIUS in the following network environments that require access security:：

z Networks with multiple-vendor access servers, each supporting RADIUS. For

example, access servers from several vendors use a single RADIUS
server-based security database. In an IP-based network with multiple vendors'
access servers, dial-in users are authenticated through a RADIUS server that
has been customized to work with the Kerberos security system.

z Networks in which a user must only access a single service. Using RADIUS, you
can control user access to a single host, to a single utility such as Telnet, or to a
single protocol such as Point-to-Point Protocol (PPP). For example, when a user
logs in, RADIUS identifies this user as having authorization to run PPP using IP
address 10.2.3.4 and the defined access list is started.

z Networks that require resource accounting. You can use RADIUS accounting
independent of RADIUS authentication or authorization. The RADIUS
accounting functions allow data to be sent at the start and end of services,
indicating the amount of resources (such as time, packets, bytes, and so on)
used during the session. An Internet service provider (ISP) might use a
freeware-based version of RADIUS access control and accounting software to
meet special security and billing needs.

RADIUS is not suitable in the following network security situations:：

z Multiprotocol access environments. RADIUS does not support the following

protocols:：

AppleTalk Remote Access (ARA)

NetBIOS Frame Control Protocol (NBFCP)

- 14 -
Security Configuration

z NetWare Asynchronous Services Interface (NASI)

z X.25 PAD connections

z Switch-to-switch situations. RADIUS does not provide two-way authentication.

z Networks using a variety of services. RADIUS generally binds a user to one

service model.

2.1.2 RADIUS Operation

When a user attempts to log in and authenticate to an access server using RADIUS,
the following steps occur:：

(1) The user is prompted for and enters a username and password.

(2) The username and encrypted password are sent over the network to the
RADIUS server.

(3) The user receives one of the following responses from the RADIUS server:
a. ACCEPT—The user is authenticated.
b. REJECT—The user is not authenticated and is prompted to reenter the
username and password, or access is denied.
c. CHALLENGE—A challenge is issued by the RADIUS server. The challenge
collects additional data from the user.
d. CHANGE PASSWORD—A request is issued by the RADIUS server, asking
the user to select a new password.
The ACCEPT or REJECT response is bundled with additional data that is used
for EXEC or network authorization. You must first complete RADIUS
authentication before using RADIUS authorization. The additional data included
with the ACCEPT or REJECT packets consists of the following:
• Services that the user can access, including Telnet, rlogin, or local-area
transport (LAT) connections, and PPP, Serial Line Internet Protocol (SLIP), or
EXEC services.
• Connection parameters, including the host or client IP address, access list, and
user timeouts.

2.2 RADIUS Configuration Task List

To configure RADIUS on your switch or access server, you must perform the following
tasks:：

z Use the aaa authentication global configuration command to define method lists
for RADIUS authentication. For more information about using the aaa
authentication command, refer to the "Configuring Authentication" chapter.

z Use line and interface commands to enable the defined method lists to be used.
For more information, refer to the "Configuring Authentication" chapter.

(1) The following configuration tasks are optional:：

- 15 -
Security Configuration

z You may use the aaa authorization global command to authorize specific user
functions. For more information about using the aaa authorization command,
refer to the chapter "Configuring Authorization."

z You may use the aaa accounting command to enable accounting for RADIUS
connections. For more information about using the aaa accounting command,
refer to the chapter "Configuring Accounting."

2.3 RADIUS Configuration Task List

z Configuring Switch to RADIUS Server Communication

z Configuring Switch to Use Vendor-Specific RADIUS Attributes

z Specifying RADIUS Authentication

z Specifying RADIUS Authorization

z Specifying RADIUS Accounting

2.4 RADIUS Configuration Task

2.4.1 Configuring Switch to RADIUS Server Communication

The RADIUS host is normally a multiuser system running RADIUS server software
from Livingston, Merit, Microsoft, or another software provider.

A RADIUS server and a Cisco router use a shared secret text string to encrypt
passwords and exchange responses.

To configure RADIUS to use the AAA security commands, you must specify the host
running the RADIUS server daemon and a secret text (key) string that it shares with
the router.

To configure per-server RADIUS server communication, use the following command in

global configuration mode:

command purpose
radius-server host ip-address [auth-port Specifies the IP address or host name of the remote
port-number][acct-port portnumber] RADIUS server host and assign authentication and
accounting destination port numbers.

radius-server key string Specifies the shared secret text string used between
the router and a RADIUS server.

To configure global communication settings between the router and a RADIUS server,
use the following radius-server commands in global configuration mode:：

command purpose
Specifies how many times the switch transmits each
radius-server retransmit retries RADIUS request to the server before giving up (the
default is 2).

- 16 -
Security Configuration

Specifies for how many seconds a switch waits for a

radius-server timeout seconds reply to a RADIUS request before retransmitting the
request.

Specifies for how many minutes a RADIUS server

radius-server deadtime minutes that is not responding to authentication requests is
passed over by requests for RADIUS authentication.

2.4.2 Configuring Switch to Use Vendor-Specific RADIUS Attributes

The Internet Engineering Task Force (IETF) draft standard specifies a method for
communicating vendor-specific information between the network access server and
the RADIUS server by using the vendor-specific attribute (attribute 26).

Vendor-specific attributes (VSAs) allow vendors to support their own extended

attributes not suitable for general use.

For more information about vendor-IDs and VSAs, refer to RFC 2138, Remote
Authentication Dial-In User Service (RADIUS). To configure the network access server
to recognize and use VSAs, use the following command in global configuration mode:

command purpose
radius-server vsa send [authentication] Enables the network access server to
recognize and use VSAs as defined by
RADIUS IETF attribute 26.

2.4.3 Specifying RADIUS Authentication

After you have identified the RADIUS server and defined the RADIUS authentication
key, you must define method lists for RADIUS authentication. Because RADIUS
authentication is facilitated through AAA, you must enter the aaa authentication
command, specifying RADIUS as the authentication method. For more information,
refer to the chapter "Configuring Authentication."

2.4.4 Specifying RADIUS Authorization

AAA authorization lets you set parameters that restrict a user's access to the network.
Authorization using RADIUS provides one method for remote access control, including
one-time authorization or authorization for each service, per-user account list and
profile, user group support, and support of IP, IPX, ARA, and Telnet. Because RADIUS
authorization is facilitated through AAA, you must issue the aaa authorization
command, specifying RADIUS as the authorization method. For more information,
refer to the chapter "Configuring Authorization."

2.4.5 Specifying RADIUS Accounting

The AAA accounting feature enables you to track the services users are accessing as
well as the amount of network resources they are consuming. Because RADIUS
accounting is facilitated through AAA, you must issue the aaa accounting command,
specifying RADIUS as the accounting method. For more information, refer to the
chapter "Configuring Accounting."

- 17 -
Security Configuration

2.5 RADIUS Configuration Examples

2.5.1 RADIUS Authentication and Authorization Example

The following example shows how to configure the router to authenticate and authorize
using RADIUS:
aaa authentication login use-radius group radius local

The lines in this sample RADIUS authentication and authorization configuration are
defined as follows:：

aaa authentication login use-radius radius local configures the router to use RADIUS
for authentication at the login prompt. If RADIUS returns an error, the user is
authenticated using the local database. In this example, use-radius is the name of the
method list, which specifies RADIUS and then local authentication.

RADIUS Authentication, Authorization, and Accounting Example

The following example shows a general configuration using RADIUS with the AAA
command set:：
radius-server host 1.2.3.4
radius-server key myRaDiUSpassWoRd
username root password AlongPassword
aaa authentication login admins radius local
line vty 1 16
login authentication admins

The lines in this example RADIUS authentication, authorization, and accounting

configuration are defined as follows:：

radius-server host command defines the IP address of the RADIUS server host.；

radius-server key command defines the shared secret text string between the network
access server and the RADIUS server host.

aaa authentication login admins group radius local command defines the
authentication method list "dialins," which specifies that RADIUS authentication and
then (if the RADIUS server does not respond) local authentication will be used on
serial lines using PPP.；

- 18 -
Security Configuration

Chapter 3 Web Authentication Configuration

The section describes the concept of Web authentication and configuration and usage
of the Web authentication.

3.1 Overview

3.1.1 Web Authentication

The Web authentication of the switch is a connection control mode as PPPoE and
802.1x. When you use the Web authentication, the login and logout operations can be
successfully performed through the interaction of the browser and the builtin portal
server of the switch. During the operations of login and logout, no other client software
need be installed.

1. Device role

The roles that the network devices take during the Web authentication are shown in
Figure 3-1:

z Client: It is a user computer that accesses network through the switch. The user
computer need be configured the network browser, the function of DHCP client
and the function to originate DNS query.

z DHCP server: It is to distribute the IP address for users.

z AAA server: It is to save user right information and to charge users for their
network access.

z Switch: It is a switch having Web authentication. It is to control the access right

of users and works as an agent between users and AAA server.

client DHCP server

HS1 HS2 OK1 OK2 PS

C OL-
ACT-
STA-
1 2 3 4 5 6 7 8 9101112 CONSOLE

switch

client AAA server

(RADIUS)

Figure 3-1 Web authentication network

- 19 -
Security Configuration

2. Authentication flow

According to different configuration strategies, the Web authentication flow of the

switch may relate to protocols such as DHCP and DNS. Its typical flow is shown in
Figure 3-2. The Web authentication flow generally contains the following steps:

(1) The DHCP server sends a DHCP confirmation request to a user through the
switch after the user originates the process of DHCP address distribution. The
switch then identifies and records the user.

(1) The user accesses any Website through the browser (Write down the domain
name, not the IP address, in the host part of the url column in the browser),
which activates the DNS request of the user computer.

(2) The DNS server returns the user a request response. The switch captures the
request response message and changes the resolved address to the address of
the built-in portal server in the switch.

(3) The DHCP confirmation process continues after the browser captures DNS
resolution. The switch returns the corresponding authentication page according
to different authentication methods after the switch receives the request.

(4) The user submits the authentication request; the switch authenticates the user
through the AAA server after the switch receives information submitted by the
user; if the authentication succeeds, the AAA server will be notified to start
charging; the switch gives the user the network access right and returns the user
a page that the authentication is successful; meanwhile, the switch also returns
a keep alive page, which periodically sends the user online notification to the
switch.

(5) The user sends the logout request to the switch through the browser. The switch
then notifies the AAA server to stop charging, and withdraws the network access
right from the user.

(6) In the period between successful user authentication and logout, the switch
periodically detects the user online notification. If the notification is not received
in the preset time, the switch consuders that the user abnormally logs off,
notifies the AAA server to stop charging and withdraws the network access right
from the user.

The above steps may vary a little with configuration strategies and user’s operations.
For example, if user directly accesses the portal server of the switch before the
authentication is approved, DNS-related processes will not be enabled.

- 20 -
Security Configuration

client switch dhcp server DNS server AAA server

DHCP ACK

DNS REQUERY

DNS RESPONSE

http request

http response(ask user to login)

http request(login)

authentication request

authentication result

start accounting request

start accounting result

authentication result

http request(keepalive)

http response(keepalive response)

http request(logout) stop accounting request

http response(logout)

Figure 3-2 web authentication flow

3.1.2 Planning Web Authentication

1. Planning the authentication mode

Two authentication modes are provided to control user's access:

Username/password authentication mode: In this mode, the switch identifies the user
through the username and password, and notifies the AAA server to start charging
according to username; user needs to enter the username and password through the
browser.

VLAN ID authentication mode: In this mode, the switch identifies the user through the
VLAN ID the user belongs to, and notifies the AAA server to start charging according to
VLAN ID; user only requires to confirm corresponding operations on the Web page
before accessing the network.

Different operation strategies adopt different authentication modes. The supported

maximum number of users that simultaneously access the network varies with the

- 21 -
Security Configuration

authentication mode. For the username/password authentication mode, the switch

supports simultaneously accessed users as many as its performance permits. For the
VLAN ID authentication mode, the maximum number of simultaneously accessed
users equals the number of VLAN that the switch supports.

2. Planning network topology

The switch takes the routing interface as a unit to set the authentication attribute. If the
Web authentication function is enabled on a routing interface, network accesses
through the routing interface are all controlled by the Web authentication. The DHCP
server, DNS server or AAA server should connect the switch through the interface
with Web authentication function disabled. Figure 3-3 shows the relative typical
network topology.

internet

DNS server DHCP server AAA server

l2switch

HS1 HS2 OK1 OK2 PS

COL-
ACT-
STA-
1 2 3 4 5 6 7 8 9101112 CONSOLE

l3switch

l2switch

user user user user user

Figure 3-3 Typical network topology

3.2 Configuring Web Authentication

3.2.1 Global Configuration

1. Configuring the address of the portal server

Run the following command in global configuration mode to configure the address of
the portal server:

Run… To...
web-auth portal-server A.B.C.D Configure the IP address of the portal server.

- 22 -
Security Configuration

2. Configuring authentication duration

The parameter authtime determines the maximum time of user's authentication. If the
authentication is not approved within the maximum time, the switch terminates the
authentication procedure.

Run the following command in global configuration mode to configure the

authentication duration (Unit: second):

Run... To...
web-auth authtime <60-65535> Configure the authentication duration.

3. Configuring the transmission period of the online notification

Through the online notification sent by the browser, the switch checks whether the
user is online.

Run the following command in global configuration mode to configure the transmission
period (unit: second):

Run... To...
web-auth keep-alive <60-65535> Configure the transmission period for the online
notification.

4. Configuring the duration to detect the abnormal logout

When the switch does not receive the user online notification from the browser in the
set duration, the switch considers that user logs out abnormally.

Run the following command in global configuration mode to configure the duration to
detect the abnormal logout:

Run... To...
web-auth holdtime <60-65535> Configure the duration to detect user’s abnormal
logout.

5. Configuring password for the VLAN ID authentication

When the authentication mode is set to VLAN ID, the switch takes vlan n as the user
name, n representing the corresponding VLAN serial number. All user names use the
same password.

Run the following command in global configuration mode to configure the password for
the VLAN ID authentication:

Run... To...
web-auth vlan-password <WORD> Configure the password for the VLAN ID
authentication.

- 23 -
Security Configuration

3.2.2 Interface Configuration

1. Configuring authentication mode

The switch provides two authentication modes: username/password and VLAN ID.

Run the following command in interface configuration mode to configure the

authentication mode:

Run... To...
web-auth mode user | vlan-id Configure the authentication mode.

2. Configuring authentication method list

Different authentication method lists can be applied on each interface. By default, the
authentication method list named default is applied on each interface.

Run the following command in interface configuration mode to configure the

authentication method list:

Run... To...
web-auth authentication WORD Configure the authentication method list.

3. Configuring the accounting method list

Different accounting method lists can be applied on each interface. By default, the
accounting method list named default is applied on each interface.

Run the following command in interface configuration mode to configure the

accounting method list:

Run... To...
web-auth accounting WORD Configure the accounting method list.

3.2.3 Enabling Web Authentication

If global configuration and interface configuration satisfy the requirements, you can
enable the Web authentication on the designated routing switch.

Run the following command in interface configuration mode to enable the Web
authentication:

Run... To...
web-auth enable Enable the Web authentication.

- 24 -
Security Configuration

3.3 Monitoring and Maintaining Web Authentication

3.3.1 Checking the Global Configuration

Run the following command in privileged mode to check the global configuration:

Run... To...
show web-auth Check the global configuration.

3.3.2 Checking Interface Configuration

Run the following command in interface configuration mode to check the interface
configuration:

Run... To...
show web-auth interface [vlan | Check the interface configuration.
SuperVlan]

3.3.3 Checking User State

Run the following command in privileged mode to check the user state:

Run... To...
show web-auth user Check the user state.

3.3.4 Mandatorily Kicking Out Users

Run the following command in global configuration mode to mandatorily kick out a
user.

Run... To...
web-auth kick-out user-IP Mandatorily kick out a user.

3.4 Web Authentication Configuration Example

Network topology

See Figure 3-4:

- 25 -
Security Configuration

internet

DNS server DHCP server AAA server

(192.168.20.1) (192.168.20.2)

F0/4
l2switch
F0/2

HS1 HS2 OK1 OK2 PS

COL-
ACT-
STA-
1 2 3 4 5 6 7 8 9 101112 CONSOLE

l3switch

F0/1
F0/3

l2switch

user1 user2 user3

Figure 3-4 Network topology

Global configuration

aaa authentication login auth-weba radius

aaa accounting network acct-weba start-stop radius
!
radius-server host 192.168.20.2 auth-port 1812 acct-port 1813
radius-server key 405.10
!
ip dhcpd enable
ip http server
!
vlan 1-4
!
web-auth portal-server 192.168.20.41
web-auth holdtime 3600
web-auth authtime 600
web-auth keep-alive 180

Configuration of the layer-2 interface

interface FastEthernet0/1
switchport pvid 1
!
interface FastEthernet0/2
switchport pvid 2

- 26 -
Security Configuration

!
interface FastEthernet0/3
switchport pvid 3
!
interface FastEthernet0/4
switchport pvid 4

Configuration of the routing interface

interface VLAN1
no ip directed-broadcast
ip helper-address 192.168.20.1
web-auth accounting acct-weba
web-auth authentication auth-weba
web-auth mode vlan-id
web-auth enable
!
interface VLAN2
ip address 192.168.20.41 255.255.255.0
no ip directed-broadcast
!
interface VLAN3
no ip directed-broadcast
ip helper-address 192.168.20.1
web-auth accounting acct-weba
web-auth authentication auth-weba
web-auth mode user
web-auth enable
!
interface VLAN4
no ip directed-broadcast
!

- 27 -

5200 8308 Security Configuration Guide
No ratings yet
5200 8308 Security Configuration Guide
773 pages
Troubleshooting MSR Series Comware 7
No ratings yet
Troubleshooting MSR Series Comware 7
682 pages
Maestro XS Reference Manual Version 2.0 PDF
33% (3)
Maestro XS Reference Manual Version 2.0 PDF
130 pages
PROKON Footing-Design-Calculation PDF
100% (3)
PROKON Footing-Design-Calculation PDF
45 pages
OpenScape Voice V7, Security Checklist, Planning Guide, Issue 2 - Addfiles
No ratings yet
OpenScape Voice V7, Security Checklist, Planning Guide, Issue 2 - Addfiles
45 pages
Administering Avaya Session Border Controller For Enterprise 10-10-2019 PDF
100% (1)
Administering Avaya Session Border Controller For Enterprise 10-10-2019 PDF
644 pages
R13xx-HPE FlexNetwork 5510 HI Security Configuration Guide-A00007135en - Us
No ratings yet
R13xx-HPE FlexNetwork 5510 HI Security Configuration Guide-A00007135en - Us
613 pages
NE40E-M2 V800R010C10SPC500 Configuration Guide - User Access 01
No ratings yet
NE40E-M2 V800R010C10SPC500 Configuration Guide - User Access 01
775 pages
R2220-HP 5120 EI Switch Series Security Configuration Guide - Download
No ratings yet
R2220-HP 5120 EI Switch Series Security Configuration Guide - Download
369 pages
HPE FlexFabric 5945 Switch Series Security Configuration Guide-Release 655x
No ratings yet
HPE FlexFabric 5945 Switch Series Security Configuration Guide-Release 655x
733 pages
Configure System Security Features: User Manual
No ratings yet
Configure System Security Features: User Manual
144 pages
621 MX Sag
No ratings yet
621 MX Sag
469 pages
GRC 12
100% (1)
GRC 12
52 pages
AAA Network Security Services
100% (1)
AAA Network Security Services
20 pages
Serveriron Adx: Graphical User Interface Guide
No ratings yet
Serveriron Adx: Graphical User Interface Guide
212 pages
DataPower SOA Appliance Administration Deployment and Best Practices
No ratings yet
DataPower SOA Appliance Administration Deployment and Best Practices
300 pages
Barracuda Web Application Firewall Best Practices Guide PDF
No ratings yet
Barracuda Web Application Firewall Best Practices Guide PDF
14 pages
RG-S7808C Series Switch RGOS Configuration Guide, Release 11.0 (4) B2P1-Security
No ratings yet
RG-S7808C Series Switch RGOS Configuration Guide, Release 11.0 (4) B2P1-Security
402 pages
HP 3600 v2 Switch Series - Security Configuration Guide
No ratings yet
HP 3600 v2 Switch Series - Security Configuration Guide
398 pages
14 AAA Configuration
No ratings yet
14 AAA Configuration
92 pages
Bitdefender GravityZone AdministratorsGuide 1 EnUS
No ratings yet
Bitdefender GravityZone AdministratorsGuide 1 EnUS
261 pages
Powerconnect-8024 Reference Guide En-Us
No ratings yet
Powerconnect-8024 Reference Guide En-Us
1,818 pages
Foundation Admin 2023
No ratings yet
Foundation Admin 2023
152 pages
01-01 AAA Configuration
No ratings yet
01-01 AAA Configuration
253 pages
SAP PE Admin Guide
No ratings yet
SAP PE Admin Guide
74 pages
QRadar 71MR2 AdminGuide
No ratings yet
QRadar 71MR2 AdminGuide
316 pages
AAA & TACAS Basic
No ratings yet
AAA & TACAS Basic
4 pages
Dell SonicWALL E-Class SRA 10.6.2 Admin Guide
No ratings yet
Dell SonicWALL E-Class SRA 10.6.2 Admin Guide
585 pages
Foundation Admin
No ratings yet
Foundation Admin
160 pages
CIS Cisco ASA 9.x Firewall Benchmark v1.0.0
No ratings yet
CIS Cisco ASA 9.x Firewall Benchmark v1.0.0
193 pages
CIS Cisco Firewall v8
No ratings yet
CIS Cisco Firewall v8
181 pages
Security Admin
No ratings yet
Security Admin
209 pages
Professor Messer - Professor Messer's SY0-701 COMPTIA Security+ Course Notes - Libgen - Li
100% (24)
Professor Messer - Professor Messer's SY0-701 COMPTIA Security+ Course Notes - Libgen - Li
107 pages
05-Security Command
No ratings yet
05-Security Command
68 pages
BC Docs Support SupportManual c02642109 c02642109 PDF
No ratings yet
BC Docs Support SupportManual c02642109 c02642109 PDF
304 pages
13 AAA Principles and Configuration
No ratings yet
13 AAA Principles and Configuration
21 pages
Heat Pipes Write Up With Example
No ratings yet
Heat Pipes Write Up With Example
9 pages
Stats1 Chapter 2::: Measures of Location & Spread
No ratings yet
Stats1 Chapter 2::: Measures of Location & Spread
53 pages
ISI-Entrance Solutions: Economics
No ratings yet
ISI-Entrance Solutions: Economics
4 pages
P8560mfp Sys Admin Guide en 70d2
No ratings yet
P8560mfp Sys Admin Guide en 70d2
98 pages
CP R80BC SecurityGateway TechAdminGuide
No ratings yet
CP R80BC SecurityGateway TechAdminGuide
37 pages
Determination of PKa Values For API
100% (1)
Determination of PKa Values For API
9 pages
CompTIA Security+ (SY0-701)
83% (12)
CompTIA Security+ (SY0-701)
405 pages
Network Management Card 4: Security Handbook, Firmware Version 6.x, 15.x and 18.x
No ratings yet
Network Management Card 4: Security Handbook, Firmware Version 6.x, 15.x and 18.x
29 pages
AAA2.0 Manual
No ratings yet
AAA2.0 Manual
105 pages
03-Security Configuration Commands
No ratings yet
03-Security Configuration Commands
26 pages
CCNASv2 - InstructorPPT - CH3 AAA Updated
No ratings yet
CCNASv2 - InstructorPPT - CH3 AAA Updated
42 pages
Lesson13-AAA Principles and Configuration
No ratings yet
Lesson13-AAA Principles and Configuration
22 pages
13 AAAPrinciplesand Configuration
No ratings yet
13 AAAPrinciplesand Configuration
19 pages
Presentation PPT On Cybersecurity.
89% (9)
Presentation PPT On Cybersecurity.
22 pages
Av Security
No ratings yet
Av Security
86 pages
Niagara AX Hardening Guide
No ratings yet
Niagara AX Hardening Guide
34 pages
03-AS2300 Security Configuration Commands
No ratings yet
03-AS2300 Security Configuration Commands
53 pages
NETIQ AM Bestpractices
No ratings yet
NETIQ AM Bestpractices
38 pages
Group E Presentation
No ratings yet
Group E Presentation
12 pages
13 AAA Principles and Configuration
No ratings yet
13 AAA Principles and Configuration
21 pages
Cyber Security Questions and Answers PDF
82% (11)
Cyber Security Questions and Answers PDF
234 pages
15 AAA Principles and Configuration
No ratings yet
15 AAA Principles and Configuration
16 pages
Session 06
No ratings yet
Session 06
8 pages
S1720&S2700&S5700&S6720 Series Ethernet Switches Configuration Guide - User Access and Authentication
No ratings yet
S1720&S2700&S5700&S6720 Series Ethernet Switches Configuration Guide - User Access and Authentication
8 pages
AAA Overview
No ratings yet
AAA Overview
6 pages
Network Security Strategies
100% (10)
Network Security Strategies
378 pages
Cyber-Security of SCADA and Other Industrial Control Systems
100% (10)
Cyber-Security of SCADA and Other Industrial Control Systems
368 pages
Practice Problems For Mid Term Test
No ratings yet
Practice Problems For Mid Term Test
11 pages
SOC Fundamentals
88% (8)
SOC Fundamentals
21 pages
Penetration Testing Step-By-Step Guide
92% (12)
Penetration Testing Step-By-Step Guide
417 pages
Information Security Questions and Answers
83% (99)
Information Security Questions and Answers
42 pages
Data Analytics For CyberSecurity
100% (5)
Data Analytics For CyberSecurity
207 pages
Practical AI For Cybersecurity
100% (3)
Practical AI For Cybersecurity
292 pages
Computer and Network Security Essentials 2018 PDF
100% (11)
Computer and Network Security Essentials 2018 PDF
609 pages
Introduction To Cyber Security
100% (4)
Introduction To Cyber Security
106 pages
EIDMAT0806 AB A1 Ans
No ratings yet
EIDMAT0806 AB A1 Ans
41 pages
Case 9.2 Aiding Allies PDF
No ratings yet
Case 9.2 Aiding Allies PDF
12 pages
82bace127438068b8ebe
No ratings yet
82bace127438068b8ebe
73 pages
The Complete Cyber Security Course, Hacking Exposed
96% (28)
The Complete Cyber Security Course, Hacking Exposed
282 pages
Ethical Hacking - Learn Penetration Testing, Cybersecurity Wi
100% (6)
Ethical Hacking - Learn Penetration Testing, Cybersecurity Wi
112 pages
Red Team Training
100% (2)
Red Team Training
16 pages
Top 50 Cybersecurity Interview Questions
100% (2)
Top 50 Cybersecurity Interview Questions
15 pages
Steel Tips - Base Plates 1
No ratings yet
Steel Tips - Base Plates 1
6 pages
Classification of Air Masses and Fronts - Geography Optional - UPSC - Digitally Learn
No ratings yet
Classification of Air Masses and Fronts - Geography Optional - UPSC - Digitally Learn
14 pages
Zebex Z-6XXX Programming Guide
No ratings yet
Zebex Z-6XXX Programming Guide
94 pages
High-Performance Liquid Chromatography Determination of Zn-Bacitracin in Animal Feed by Post-Column Derivatization and Fluorescence Detection
No ratings yet
High-Performance Liquid Chromatography Determination of Zn-Bacitracin in Animal Feed by Post-Column Derivatization and Fluorescence Detection
8 pages
IT Policies, Procedures and Standards v1
100% (2)
IT Policies, Procedures and Standards v1
176 pages
Basics of ICS Cyber Security Solutions PDF
100% (2)
Basics of ICS Cyber Security Solutions PDF
27 pages
ICS - Asset Management
No ratings yet
ICS - Asset Management
59 pages
Cybersecurity Information Gathering Using Kali Linux
100% (5)
Cybersecurity Information Gathering Using Kali Linux
93 pages
MS-MO6-L02-Theory of Columns-Rankine Formula
No ratings yet
MS-MO6-L02-Theory of Columns-Rankine Formula
11 pages
Incident Response Plan
No ratings yet
Incident Response Plan
7 pages
Truss Bridge
No ratings yet
Truss Bridge
23 pages
Incident Response Play Book
100% (1)
Incident Response Play Book
21 pages
Get Finite Element Design of Concrete Structures 2nd Ed Edition G. A. Rombach PDF Ebook With Full Chapters Now
100% (9)
Get Finite Element Design of Concrete Structures 2nd Ed Edition G. A. Rombach PDF Ebook With Full Chapters Now
85 pages
I - V Converter
No ratings yet
I - V Converter
4 pages
5.0SMLJ24A Datasheet
No ratings yet
5.0SMLJ24A Datasheet
5 pages
Probability of One Event
No ratings yet
Probability of One Event
14 pages
AC Voltmeter: PMMC Based: Known: FSD of I Solution
No ratings yet
AC Voltmeter: PMMC Based: Known: FSD of I Solution
21 pages
Cyber Incident Response Plan : Important: Complete Highlighted Sections Before Activating This Plan
100% (1)
Cyber Incident Response Plan : Important: Complete Highlighted Sections Before Activating This Plan
26 pages
Science
No ratings yet
Science
4 pages
GRAPHS
No ratings yet
GRAPHS
3 pages
09 2024
No ratings yet
09 2024
37 pages
Cybersecurity Roadmap
No ratings yet
Cybersecurity Roadmap
1 page
Parameter Estimation of A Plucked String Synthesis Model Using A Genetic Algorithm With Perceptual Fitness Calculation
No ratings yet
Parameter Estimation of A Plucked String Synthesis Model Using A Genetic Algorithm With Perceptual Fitness Calculation
15 pages
Themes - Flutter
No ratings yet
Themes - Flutter
5 pages
Maths Practice Set 6 Solved (Combined Graduate Level Exam (CGLE) )
No ratings yet
Maths Practice Set 6 Solved (Combined Graduate Level Exam (CGLE) )
12 pages
Half Deflection
No ratings yet
Half Deflection
4 pages
Nandha Engineering College, Erode-52 (: 15ME603 - Finite Element Analysis
No ratings yet
Nandha Engineering College, Erode-52 (: 15ME603 - Finite Element Analysis
4 pages
NIST Cybersecurity For IOT
No ratings yet
NIST Cybersecurity For IOT
30 pages
Windows 7 Hyper Terminal
No ratings yet
Windows 7 Hyper Terminal
4 pages
Cyber Security in Power System
No ratings yet
Cyber Security in Power System
5 pages
Network Intrusion Detection System Using
No ratings yet
Network Intrusion Detection System Using
9 pages
False Data Injection Attacks On LFC Systems An AI-Based Detection and Countermeasure Strategy
No ratings yet
False Data Injection Attacks On LFC Systems An AI-Based Detection and Countermeasure Strategy
9 pages
Defense in Depth 2016 S508C PDF
No ratings yet
Defense in Depth 2016 S508C PDF
58 pages
Gray Hat Hacking the Ethical Hacker's
From Everand
Gray Hat Hacking the Ethical Hacker's
Çağatay Şanlı
5/5 (1)
BlockChain for Beginners
From Everand
BlockChain for Beginners
Matthew Smith
No ratings yet
Cybersecurity for Executives: A Guide to Protecting Your Business
From Everand
Cybersecurity for Executives: A Guide to Protecting Your Business
Matthew C. Smith
No ratings yet
The Linux Terminal for Advanced Users - The Command Line Made Easy: First Edition
From Everand
The Linux Terminal for Advanced Users - The Command Line Made Easy: First Edition
Michael Basler
No ratings yet
10K Blueprint
From Everand
10K Blueprint
Cian O Farrell
5/5 (2)
ChatGPT for Business: Strategies for Success
From Everand
ChatGPT for Business: Strategies for Success
Matthew C. Smith
No ratings yet
Blog Smarter, Not Harder: SEO, Blogging, and AI Strategies to Skyrocket Your Traffic
From Everand
Blog Smarter, Not Harder: SEO, Blogging, and AI Strategies to Skyrocket Your Traffic
Jay Nans
No ratings yet
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
From Everand
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
Matthew C. Smith
No ratings yet
Software Patterns Made Easy
From Everand
Software Patterns Made Easy
Justice Nanhou
No ratings yet