
SECURE NETWORKS

Course Instructors

2019

Chapter 3:
Authentication, Authorization,
and Accounting

CCNA Security v2.0


1. Introduction

2. Purpose of the AAA

3. Local AAA Authentication

4. Server-Based AAA

5. Server-Based AAA Authentication

6. Server-Based Authorization and Accounting

7. Summary

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public


Upon completion of this section, you should be able to:
• Explain why AAA is critical to network security.

• Describe the characteristics of AAA.

Telnet is Vulnerable to Brute-Force Attacks

SSH and Local Database Method

Local AAA Authentication

Server-Based AAA Authentication

AAA Authorization

AAA Accounting

Types of accounting information:
• Network
• Connection
• EXEC
• System
• Command
• Resource

Upon completion of this section, you should be able to:

• Configure AAA authentication, using the CLI, to validate users against a local database.
• Troubleshoot AAA authentication that validates users against a local database.

1. Add usernames and passwords to the local router database for users that need administrative access to the router.
2. Enable AAA globally on the router.
3. Configure AAA parameters on the router.
4. Confirm and troubleshoot the AAA configuration.

Example Local AAA Authentication

Command Syntax

Display Locked Out Users

Show Unique ID of a Session

Debug Local AAA Authentication

Understanding Debug Output
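
The four-step local AAA procedure, the SSH and local database slide, and the command-syntax and debug slides (locked-out users, session IDs, debug output) worked through on one router, as an added example that is not part of the original deck. The hostname R1, the usernames, passwords, domain name and lockout threshold are assumed sample values; the commands themselves are standard Cisco IOS 15 syntax.

```cisco
! Added example, not from the slides. R1, the accounts, secrets and the
! domain name are assumed sample values.

! Step 1: local database entries (type-5/8/9 hashed with "secret", never "password")
R1(config)# username admin01 privilege 15 secret S3cur3-Pa55-EXAMPLE
R1(config)# username operator privilege 1 secret Op3r-Pa55-EXAMPLE

! Replace Telnet with SSH so credentials are not sent in clear text
R1(config)# ip domain-name example.com
R1(config)# crypto key generate rsa modulus 2048
R1(config)# ip ssh version 2
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
R1(config-line)# exit

! Step 2: enable AAA globally (this replaces the old per-line "login local")
R1(config)# aaa new-model

! Step 3: method lists. "local-case" = case-sensitive usernames in the local database.
! A separate named list for the console means a mistake in the default list
! cannot lock the administrator out of the box.
R1(config)# aaa authentication login default local-case
R1(config)# aaa authentication login CONSOLE_LOGIN local-case
R1(config)# line console 0
R1(config-line)# login authentication CONSOLE_LOGIN
R1(config-line)# exit

! Lock an account after 3 consecutive failures to slow online brute-force guessing
R1(config)# aaa local authentication attempts max-fail 3
R1(config)# end

! Step 4: confirm and troubleshoot
R1# show aaa local user lockout                       ! who is currently locked out
R1# clear aaa local user lockout username operator    ! release one account
R1# show aaa sessions                                 ! unique id of each AAA session
R1# debug aaa authentication                          ! per-attempt method-list trace
R1# undebug all
```

Two choices in this block matter for security: `local-case` makes usernames case-sensitive, and the named CONSOLE_LOGIN list keeps console access independent of the default list. The lockout counter is released with `clear aaa local user lockout`, and `show aaa sessions` reports the session ID that the `debug aaa authentication` lines reference.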

Upon completion of this section, you should be able to:
• Describe the benefits of server-based AAA.

• Compare the TACACS+ and RADIUS authentication protocols.

Local authentication:

1. User establishes a connection with the router.
2. Router prompts the user for a username and password, authenticating the user against a local database.

Server-based authentication:

1. User establishes a connection with the router.
2. Router prompts the user for a username and password.
3. Router passes the username and password to the Cisco Secure ACS (server or engine).
4. The Cisco Secure ACS authenticates the user.
TACACS+ Authentication Process

RADIUS Authentication Process

Cisco Secure ACS

Upon completion of this section, you should be able to:
• Configure server-based AAA authentication, using the CLI, on Cisco routers.

• Troubleshoot server-based AAA authentication.

1. Enable AAA.
2. Specify the IP address of the ACS server.
3. Configure the secret key.
4. Configure authentication to use either the RADIUS or TACACS+ server.

Server-Based AAA Reference Topology

Configure a AAA TACACS+ Server

Configure a AAA RADIUS Server

Command Syntax

Configure Server-Based AAA Authentication

Troubleshooting Server-Based AAA Authentication

Troubleshooting RADIUS

Troubleshooting TACACS+

AAA Server-Based Authentication Success

AAA Server-Based Authentication Failure
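
The four server-based steps (enable AAA, server address, secret key, RADIUS or TACACS+ method list) together with the troubleshooting commands behind the RADIUS/TACACS+ and success/failure slides, as an added example that is not taken from the deck. The hostname R1, the server names, the addresses 192.168.1.100 and 192.168.1.101, the key strings and the test account are assumed sample values; the syntax is the IOS 15 `tacacs server` / `radius server` form.

```cisco
! Added example, not from the slides. Names, addresses, keys and accounts are
! assumed sample values.

! Step 1: enable AAA
R1(config)# aaa new-model

! Step 2 + 3: TACACS+ server and its shared secret
R1(config)# tacacs server ACS-TACACS
R1(config-server-tacacs)# address ipv4 192.168.1.100
R1(config-server-tacacs)# key TACACS-KEY-EXAMPLE
R1(config-server-tacacs)# exit

! Step 2 + 3: RADIUS server, standard ports, and its shared secret
R1(config)# radius server ACS-RADIUS
R1(config-radius-server)# address ipv4 192.168.1.101 auth-port 1812 acct-port 1813
R1(config-radius-server)# key RADIUS-KEY-EXAMPLE
R1(config-radius-server)# exit

! Step 4: method list. IOS moves to the next method only when a server does not
! respond (ERROR); an explicit reject (FAIL) ends the attempt, so the local
! database is a fallback for server outages, not a second chance for a bad password.
R1(config)# aaa authentication login default group tacacs+ group radius local-case
R1(config)# end

! Verification without waiting for a real login: ask each group to authenticate
! a test account and report pass / reject / timeout.
R1# test aaa group tacacs+ admin01 S3cur3-Pa55-EXAMPLE new-code
R1# test aaa group radius admin01 S3cur3-Pa55-EXAMPLE new-code

! Protocol-level traces for a failing exchange, then AAA's view of the method list
R1# debug tacacs
R1# debug radius
R1# debug aaa authentication
R1# undebug all

! Server reachability and counters
R1# show tacacs
R1# show radius statistics
```

Reading the result: a pass from `test aaa group` means the address, port and shared key are all correct; a reject means the server was reached but refused the credentials (check the account on the ACS); a timeout means no server answered (check reachability, the port, and whether the ACS has this router as a client). Because the key never crosses the wire in the clear, a mismatched key shows up as a reject or a "bad authenticator" style error in `debug radius`, not as an obvious key error.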

Upon completion of this section, you should be able to:
• Configure server-based AAA authorization.

• Configure server-based AAA accounting.

• Explain the functions of 802.1x components.

Authentication vs. Authorization
• Authentication ensures a device or end-user is legitimate.
• Authorization allows or disallows authenticated users access to certain areas and programs on the network.

TACACS+ vs. RADIUS
• TACACS+ separates authentication from authorization.
• RADIUS does not separate authentication from authorization.

Command Syntax

Authorization Method Lists

Example AAA Authorization

Command Syntax

Accounting Method Lists

Example AAA Accounting
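
Authorization and accounting method lists on the same router, as an added example that is not from the deck; it covers both the authorization slides and the accounting slides above. R1, the group names and the line ranges are assumed sample values and the TACACS+/RADIUS servers are assumed to be defined as in an earlier configuration step.

```cisco
! Added example, not from the slides. Assumes "aaa new-model" and the
! TACACS+ / RADIUS servers are already configured.

! --- Authorization ---
! TACACS+ is used here because it separates authorization from authentication
! and can authorize individual commands; RADIUS returns authorization attributes
! only inside the authentication reply, so it cannot do per-command checks.
R1(config)# aaa authorization exec default group tacacs+ local
R1(config)# aaa authorization commands 1 default group tacacs+ local
R1(config)# aaa authorization commands 15 default group tacacs+ local
! By default the console is exempt from authorization; enable it only if
! the server-side policy explicitly allows console sessions.
R1(config)# aaa authorization console

! Named list so the vty lines can carry a stricter policy than the default
R1(config)# aaa authorization exec VTY_AUTHZ group tacacs+ local
R1(config)# line vty 0 4
R1(config-line)# authorization exec VTY_AUTHZ
R1(config-line)# exit

! --- Accounting ---
! start-stop: one record at session start and one at the end (duration visible)
! stop-only: a single record at the end; wait-start: hold the session until the
! server acknowledges the start record.
R1(config)# aaa accounting exec default start-stop group tacacs+
R1(config)# aaa accounting commands 15 default start-stop group tacacs+
R1(config)# aaa accounting network default start-stop group radius
R1(config)# end

! What AAA currently knows about the logged-in users
R1# show aaa user all
R1# debug aaa authorization
R1# debug aaa accounting
R1# undebug all
```

The `local` keyword at the end of each authorization list applies only when no TACACS+ server responds; with local authorization the user's configured privilege level decides, so keep local privilege levels conservative. Command accounting at level 15 gives the audit trail for configuration changes, which is the record an incident responder needs.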

802.1X Roles

802.1X Message Exchange

Command Syntax for dot1x port-control
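
The three 802.1X roles (supplicant, authenticator, authentication server), the message exchange and the `dot1x port-control` syntax, shown from the authenticator switch side, as an added example that is not part of the deck. The switch name S1, the RADIUS server name, address and key, and the interface are assumed sample values.

```cisco
! Added example, not from the slides. S1, the server details and the
! interface are assumed sample values.

! Authenticator = this switch. Supplicant = the client on Fa0/1.
! Authentication server = RADIUS (802.1X requires RADIUS to carry EAP).
S1(config)# aaa new-model
S1(config)# radius server ACS-RADIUS
S1(config-radius-server)# address ipv4 192.168.1.101 auth-port 1812 acct-port 1813
S1(config-radius-server)# key RADIUS-KEY-EXAMPLE
S1(config-radius-server)# exit
S1(config)# aaa authentication dot1x default group radius

! Turn 802.1X on globally; without this the per-port settings do nothing
S1(config)# dot1x system-auth-control

S1(config)# interface FastEthernet0/1
S1(config-if)# switchport mode access
S1(config-if)# dot1x pae authenticator
! port-control decides the port state before the EAP exchange finishes:
!   auto               - blocked until EAP-Success is relayed from the RADIUS server
!   force-authorized   - (default) always open, 802.1X effectively off on this port
!   force-unauthorized - always blocked, even for valid credentials
S1(config-if)# dot1x port-control auto
S1(config-if)# end

! Exchange seen from the switch: EAPOL-Start / EAP-Request Identity with the
! supplicant, the same EAP messages wrapped in RADIUS Access-Request /
! Access-Challenge with the server, ending in Access-Accept -> EAP-Success.
S1# show dot1x interface FastEthernet0/1
S1# show dot1x all
S1# debug dot1x events
S1# undebug all
```

On newer IOS releases the interface command is `authentication port-control auto` and the session is inspected with `show authentication sessions interface FastEthernet0/1`; the semantics of the three port-control states are unchanged. The important check after rollout is that no production port is left at the default `force-authorized`, which silently disables the control.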

Chapter Objectives:
• Explain how AAA is used to secure a network.
• Implement AAA authentication that validates users against a local database.
• Implement server-based AAA authentication using TACACS+ and RADIUS protocols.
• Configure server-based AAA authorization and accounting.

Thank you.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
