Specifications

ManualsBrandsCisco ManualsComputer equipmentAS5800

151

152

153

154

155

156

157

158

159

160

Table Of Contents

4-16

Cisco AS5800 Operations, Administration, Maintenance, and Provisioning Guide

DOC-7810814=

Chapter 4 Administration

Access Service Security

–

CHANGE PASSWORD - A request is issued by the RADIUS server, asking the user to select

a new password.

The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network

authorization. You must first complete RADIUS authentication before using RADIUS authorization.

The additional data included with the ACCEPT or REJECT packets consists of the following:

• Services that the user can access, including Telnet, rlogin, local-area transport (LAT) connections,

and PPP, Serial Line Internet Protocol (SLIP), or EXEC services.

• Connection parameters, including the host or client IP address, access list, and user timeouts.

RADIUS Configuration Task List

To configure RADIUS on your Cisco AS5800, you must perform the following tasks:

• Use the aaa new-model global configuration command to enable AAA. AAA must be configured

if you plan to use RADIUS. For more information about using the aaa new-model command, refer

to the “AAA Commands” section on page 4-23.

• Use the aaa authentication global configuration command to define method lists for RADIUS

authentication. For more information about using the aaa authentication command, refer to the

“Specify RADIUS Authentication” section on page 4-20.

• Use line and interface commands to enable the defined method lists to be used. For more

information, refer to the “Specify RADIUS Authentication” section on page 4-20.

The following configuration tasks are optional:

• Use the aaa authorization global command to authorize specific user functions. For more

information about using the aaa authorization command, refer to the “Specify RADIUS

Authorization” section on page 4-20.

• Use the aaa accounting command to enable accounting for RADIUS connections. For more

information about using the aaa accounting command, refer to the “Specify RADIUS Accounting”

section on page 4-20.

This section describes how to set up RADIUS for authentication, authorization, and accounting on your

network, and includes the following sections:

• Configure Router to RADIUS Server Communication, page 4-17

• Configure Router to Use Vendor-Specific RADIUS Attributes, page 4-17

• Configure Router for Vendor-Proprietary RADIUS Server Communication, page 4-18

• Configure Router to Query RADIUS Server for Static Routes and IP Addresses, page 4-19

• Configure Router to Expand Network Cisco AS5800 Port Information, page 4-19

• Specify RADIUS Authentication, page 4-20

• Specify RADIUS Authorization, page 4-20

• Specify RADIUS Accounting, page 4-20