Users Guide
Contents 13
Access Lines (AAA) . . . . . . . . . . . . . . . . 251
Access Lines (Non-AAA)
. . . . . . . . . . . . . . 252
Authentication
. . . . . . . . . . . . . . . . . . . . . . 253
Authentication Access Types
. . . . . . . . . . . 253
Authentication Manager
. . . . . . . . . . . . . . 254
Using RADIUS
. . . . . . . . . . . . . . . . . . . . 263
Using TACACS+ Servers to Control Management
Access . . . . . . . . . . . . . . . . . . . . . . . 268
Dynamic ACL Overview
. . . . . . . . . . . . . . . 270
Authentication Examples
. . . . . . . . . . . . . . 277
Public Key SSH Authentication Example
. . . . . . 285
Associating a User With an SSH Key
. . . . . . . 294
Authorization
. . . . . . . . . . . . . . . . . . . . . . . 296
Exec Authorization Capabilities
. . . . . . . . . . 296
Authorization Examples
. . . . . . . . . . . . . . . 298
RADIUS Change of Authorization
. . . . . . . . . . 300
TACACS Authorization
. . . . . . . . . . . . . . . 305
Accounting
. . . . . . . . . . . . . . . . . . . . . . . . 309
RADIUS Accounting
. . . . . . . . . . . . . . . . 309
IEEE 802.1X
. . . . . . . . . . . . . . . . . . . . . . . . 312
What is IEEE 802.1X?
. . . . . . . . . . . . . . . . 312
What are the 802.1X Port Authentication Modes?
. 313
What are Authentication Host Modes
. . . . . . . 314
What is MAC Authentication Bypass?
. . . . . . . 315
What is the Role of 802.1X in VLAN Assignment?
. 317
What is Monitor Mode?
. . . . . . . . . . . . . . 321
How Does the Authentication Server Assign
DiffServ Policy or ACLs?
. . . . . . . . . . . . . . 323
What is the Internal Authentication Server?
. . . . 323
Default 802.1X Values
. . . . . . . . . . . . . . . . 323
Configuring IEEE 802.1X (Web)
. . . . . . . . . . . 324