Cấu Hình Aaa

CU HNH AAA- Vic cu hnh AAA c thc hin theo ba bc nh sau:Bc 1: Bt t!nh n"n# cho $h%$ cu hnh AAA t&'n &oute&( )&on# su*t +u, t&nh -,c .nh AAA/ &oute& $h0i cu hnh sao cho n1 2u3n n1i chu4n c 5i )ACAC678A9:U6 se&5e&(Bc 2: ;,c .nh n# c -,c thc/ c c$ +u4?n nh th@ n=o/ 5= c,i # s> #i,A s,t cB sC DE 2iu(Bc 3: Cho $h%$ hoFc .nh n#hGa $hBn# thHc t&'n #iao ti@$(- C,c $hIn ti@$ theo s> n1i AJt c,ch chi ti@t c,ch thHc bt chHc n"n# AAA Kbc LM/ c,chthHc -,c .nh $hBn# thHc N -,c thc/ c$ +u4?n/ 5= t!nh cc Kbc OM/ 5= c,ch thHc -,c .nh AAA t&'n AJt inte&Pace Kbc QM( RN cho #Sn 5= DT D=n# hiNu hBn/ ta c1 thN #J$hai bc O 5= Q 2Ui 2=A AJt(- ChV W &Xn# AJt Yhi AAA Z c cho $h%$ t&'n &oute&/ bt Y inte&Pace 5= $hBn# thHc Y@t n*i n=o c[n# $h0i .nh n#hGa hoFc Yh3n# cho $h%$ t&u4 c$ 5=o( 9o 1/ i?u +uan t&Sn# nht 2= $h0i tUo AJt \c,nh c]a hu^ KbacY Doo&M ha4 2= c,ch thHc t&u4 c$ c_c bJ K2oca2M t&on# su*t +u, t&nh t&iNn Yhai ban Iu N b0o 0A &Xn# &oute& 2u3n c1 thN t&u4 c$c n@u ta +u'n nhEn# # Z cu hnh t&c 1( L( Bc 1- Cho php chc nng AAA trn router:- RN cho $h%$ AAA t&'n &oute&/ ta s] D_n# cù 2nh sau:8oute&KconPi#Maaaa neb-AoDe2- cJt Yhi AAA c cho $h%$ th &oute& $h0i chd @n .a chd sou&ce cea AAA se&5e&( Vi )ACAC6 se&5e&/ th cù 2nh s> 2=:8oute&KconPi#Matacacs-se&5e& host host-i$-aDD&ess fsin#2e-connectiong8oute&KconPi#Matacacs-se&5e& Ye4 se&5e&Ye4)haA s* host-ip-address -,c .nh .a chd cea )ACAC6 se&5e&( )haA s* single-connection cho bi@t &oute& Du4 t& AJt Y@t n*i Bn t&on# su*t $hi'n 2=A 5ic #iEa &oute& 5= AAA se&5e&( - cJt $assbo&D chun# c Dhn# #iEa access &oute& 5= AAA se&5e& N b0o At th3n# tin(V! D_/ cù 2nh cho $h%$ thi@t 2$ $assbo&D t&'n &oute& nh sau:8oute&KconPi#Matacacs-se&5e& Ye4 ciscoiassbo&D c chSn $h0i #i*n# $assbo&D cu hnh nh t&'n AAA se&5e&( iassbo&D $h`n bit Y! t hoa/ Y! t th c YiNA t&a t&c ti'n/ sau 1 use&naAe7$assbo&D c_c bJ t&'n A,4 s> c s] D_n# n@u )ACAC6{ Yh3n# $hh h$ ha4 t&0 5? AJt 2xi Ke&&o&M(2.1.?:- Cù 2nh ((( (uthent)c(t)on (n.) c s] D_n# Y@t h$ 5i 2nh (n.) (uthent)c(t)on t&on# 5ic cu hnh 2ine N A3 t0 $hBn# thHc c s] Dhn# Yhi AJt NA6: use& Au*n t&u4 c$ 5=o &oute&(CV $h,$ cù 2nh nh sau:((( (uthent)c(t)on (n.) p,e-(u+t q 2ist-naAer AethoDL fAethoDOg fAethoDQg fAethoDsg- C,c $hBn# $h,$ c Dhn# t&on# cù 2nh n=4:u +oc(+: $hBn# $h,$ n=4 -,c .nh -,c thc bXn# 5ic s] D_n# cF$ u.ern(0e 4444 p(..6or, ---- t&'n &oute&(u en(b+e: $hBn# $h,$ n=4 -,c .nh &Xn# s> s] D_n# cù 2nh en(b+e p(..6or, N -,c thc t&'n inte&Pace( Vic -,c thc c thc hin bXn# 5ic so s,nh $assbo&D n# b. 4'u cIu -,c thc )ACAC6{ t&c ti'n 5= sau 1 s> s] D_n# use&naAe7$assbo&D c_c bJ n@u )ACAC6{ b. 2xi ha4 Yh3n# th!ch h$(2.2. C"p #u$%n 'Author)@(t)on*:- cJt Yhi use& Z c -,c thc/ th ta cIn #ii hUn nhEn# +u4?n A= hS c $h%$ s] D_n#( Ri?u 1 c thc hin th3n# +ua cù 2nh aaa autho&iation( NhEn# #ii hUn c1 thN ,$ Ft 5=o hoUt Jn# ha4 D.ch 5_ c 4'u cIu bCi &oute&( Vi 5ic c$ thoA +u4?n/ AAA thi@t 2$ AJt subaDAinist&ato& N cho $h%$ t&u4 c$ 5=o ch@ J conPi#u&ation AoDe/nhn# 5i Yh0 n"n# 2= chd c1 thN s] D_n# AJt t$ nhv c,c 2nh c $h%$( cFc Dh c1 thN/ 5ic cu hnh &oute& s> b. hUn ch@(- CV $h,$ Dhn# N c$ +u4?n Yh, Bn #i0n/ n1 -,c .nh hoUt Jn# ha4 D.ch 5_ Knetbo&Y/ e-ec/ coAAanD 2e5e2/ conPi#-coAAanD/ &e5e&se-accessM c s] D_n# cho use&( 9Un# tnn# +u,t cea cù 2nh c$ thoA +u4?n 2=:((( (uthor)@(t)on .erv)ce-t$pe p,e-(u+t q 2ist-naAer AethoDL fAethoDOg fAethoDQg fAethoDsgCù 2nh t&'n c1 W n#hGa nh sau:((( (uthor)@(t)on Do-bhatw checY-hobwcnh ? ,o-6h(tA c1 thN 2=:u net6or;: thaA s* n=4 Dhn# $hBn# $h,$ checY-hobw N c$ +u4?n 5= thi@t 2$ c,c 4'ucIu D.ch 5_ c1 2i'n +uan @n AUn# nh 2= 6:i/ iii(u eBec: thaA s* n=4 Dhn# $hBn# $h,$ checY-hobw N c$ +u4?n n@u use& c $h%$ tUohoFc chU4 t&on# ch@ J ;C she22( N@u )ACAC6{ hoFc 8A9:U6 c s] D_n#/ th c1 thN cB sC DE 2iu s> t&0 5? AJt th3n# tin 5i cù 2nh t Jn# cho n# c YiNA t&a( u )--(uthent)c(te,: 5i thaA s* n=4/ n@u AJt use& c -,c thc &ki/ th hS c $h%$ thi@t 2$ chHc n"n#( ChV W &Xn# C `4 Yh3n# YiNA t&a thoA +u4?n A= chd cIn use& c1 t&on# cB sC DE 2iu 2= Z $hh h$(u none: 5i thaA s* n=4/ &oute& Yh3n# li hvi th3n# tin thoA +u4?n cho Do-bhatw( )hoA +u4?n Yh3n# c thi@t 2$ 5= AJt cù t&u4 5n s> c #Ci @n cB sC DE 2iu(u +oc(+: 5i thaA s* n=4/ &oute& hoFc access se&5e& s> YiNA t&a use&naAe7$assbo&D c cu hnh C ch@ J conPi#u&e AoDe 2u c_c bJ t&on# &oute&(u r(,)u.: 5i thaA s* n=4/ thoA +u4?n 8A9:U6 s> c thc hin bXn# 5ic #n c,c thuJc t!nh cho use&naAe t&'n 8A9:U6 se&5e&( cxi use&naAe chn# 5i thuJc t!nh c 2u t&E b'n t&on# 8A9:U6 Database(u ;rb:-)n.t(nce: 5i thaA s* n=4/ &oute& s> t&u4 5n @n ~e&be&os se&5e& N 4'u cIu c$ thoA +u4?n( )hoA +u4?n s> c 2u t&on# ~e&be&os se&5e&(- Nhn chun#/ thoA +u4?n c1 thN c=i Ft theo nhi?u c,ch( Vn ? 2= tA Yi@A -eA th] t&on# Database ha4 t=i n#u4'n n=o c1 cF$ AV ha4 thuJc t!nh N cun# c$ cho &oute& cù t&0 2 Yh3n# th] -,c thc th'A $hBn# $h,$ ti@$ theo t&on# 2istnaAe nEa(2.1.2.1.7. AAA Authent)c(t)on A8A9Cù 2nh ((( (uthent)c(t)on (r(pc s] D_n# Y@t h$ 5i 2nh (r(p (uthent)c(t)on t&on# 5ic cu hnh 2ine( N1 A3 t0 c,ch thHc A= A8Ai use& an# th] t&u4 c$ 5=o &oute&(CV $h,$ cù 2nh nh sau:((( (uthent)c(t)on (r(p p,e-(u+t q list-namer method1 fmethod2g fmethod3g fmethod4g C,c $hBn# $h,$ c Dhn# t&on# cù 2nh n=4:+)ne: $hBn# $h,$ n=4 -,c .nh s] D_n# $assbo&D N -,c thc 5=o inte&Pace( Cù 2nh n=4 c s] D_n# t&on# cù 2nh 2o#in 5= $assbo&D t&on# ttn# 2ine Kconso2e/ 5t4/(((M+oc(+: $hBn# $h,$ n=4 -,c .nh -,c thc bXn# 5ic s] D_n# cF$ u.ern(0e yyyy p(..6or, (((( t&'n &oute&(t(c(c.3: $hBn# $h,$ n=4 -,c .nh s] D_n# )ACAC6 se&5e& N -,c thc(gue.t: $hBn# $h,$ n=4 cho $h%$ 2o#in 5=o n@u use&naAe 2= #uest( )h4 chSn n=4 chd $hh h$ 5i A8Ai((uth-gue.t: $hBn# $h,$ n=4 cho $h%$ Yh,ch chd c 2o#in 5=o n@u use& Z 2o#in 5=o ch@ J ;C t&'n &oute& 5= an# YhCi tUo ti@n t&nh A8Ai(ChV W &Xn# AFc .nh th Yh,ch 5i@n# th"A Yh3n# thN 2o#in th3n# +ua A8Ai Yhi ta YhCi tUo AAA( Cù 2nh ((( (uthent)c(t)on (r(p5i hai tt Yh1a gue.t hoFc (uth-gue.t s> cIn thi@t N Yh,ch t&u4 c$ Yhi s] D_n# AAA(V! D_:8oute&KconPi#Maaaa authentication a&a$ A4aaa tacacs{ 2oca28oute&KconPi#Ma2ine L LO8oute&KconPi#-2ineMaa&a$ authentication A4aaa | 5! D_ t&'n/ cù 2nh Iu ti'n -,c .nh&Xn# Dhn# -,c thc )ACAC6{ t&c ti'n/ sau 1 Ai Dhn# use&naAe7$assbo&D c_c bJ t&'n &oute& n@u )ACAC6{ t&0 5? AJt 2xi Ke&&o&M hoFc Yh3n# $hh h$ Kuna5ai2ab2eM( )t 2ine L @n 2ine LO s> s] D_n# -,c thc t&on# 2istnaAe 5ta tUo(2.1.1.1.1.AAA Authent)c(t)on 999Cù 2nh ((( (uthent)c(t)on pppc s] D_n# Y@t h$ 5i 2nh ppp (uthent)c(t)on t&on# 5ic cu hnh 2ine N A3 t0 $hBn# thHc c s] D_n# Yhi AJt use& s] D_n# iii Au*n t&u4 c$ 5=o &oute&( CV $h,$ cù 2nh nh sau:((( (uthent)c(t)on ppp p,e-(u+t q list-namer method1 fmethod2g fmethod3g fmethod4g C,c $hBn# $h,$ c Dhn# t&on# cù 2nh n=4:+oc(+: $hBn# $h,$ n=4 -,c .nh -,c thc bXn# 5ic s] D_n# cF$ u.ern(0e yyyy p(..6or, (((( t&'n &oute&(none: $hBn# $h,$ n=4 -,c .nh &Xn# Yh3n# cIn s] D_n# $hBn# $h,$ -,c thc n=o c0(t(c(c.3: $hBn# $h,$ n=4 -,c .nh s] D_n# )ACAC6 se&5e& N -,c thc(r(,)u.: $hBn# $h,$ n=4 -,c .nh s] D_n# 8A9:U6 se&5e& N -,c thc(;rb:: $hBn# $h,$ n=4 Dhn# ~e&be&os chd $hh h$ cho thao t,c Ko$e&ationM iii 5= c,c 2i'n 2Uc 5i AJt ~e&be&os se&5e& Z c thi@t 2$( ;,c thc 2o#in s] D_n# ~e&be&os chd 2=A 5ic 5i #iao thHc iii iAi( )--nee,e,: $hBn# $h,$ n=4 n#tn# -,c thc n@u AJt use& Z c -,c thc t&c 1 t&'n 2ine tt4(V! D_:8oute&KconPi#Maaaa authentication $$$ A4aaa tacacs{ 2oca28oute&KconPi#Ma2ine L LO8oute&KconPi#-2ineMa$$$ authentication A4aaa Chn# AJt DUn# cV $h,$ c s] D_n# th3n# +ua nhi?u cù 2nh AAA( Vi cù 2nh ppp c thi@t 2$/ th cù 2nh t&'n inte&Pace 2= ppp (uthent)c(t)on option%s& 5i option%s& 2= c,c th4 chSn p(p! ch(p! p(p ch(p! ch(p p(p! 0.-ch(p( )h'A 5=o 1/ c,c $hBn# $h,$ t&on# AAA c1 thN s] D_n#( | 5! D_ t&'n th )ACAC6{ s> c YiNA t&a t&c ti'n/ sau 1 use&naAe7$assbo&D c_c bJ t&'n A,4 s> c s] D_n# n@u )ACAC6{ Yh3n# $hh h$ ha4 t&0 5? AJt 2xi Ke&&o&M(2.1.1.1.2.AAA Authent)c(t)on A=>?Cù 2nh ((( (uthent)c(t)on (n.)c s] D_n# Y@t h$ 5i 2nh (n.) (uthent)c(t)on t&on# 5ic cu hnh 2ine N A3 t0 $hBn# thHc c s] Dhn# Yhi AJt NA6: use& Au*n t&u4 c$ 5=o &oute&(CV $h,$ cù 2nh nh sau:((( (uthent)c(t)on n(.) p,e-(u+t q list-namer method1 fmethod2g fmethod3g fmethod4g C,c $hBn# $h,$ c Dhn# t&on# cù 2nh n=4:+oc(+: $hBn# $h,$ n=4 -,c .nh -,c thc bXn# 5ic s] D_n# cF$ u.ern(0e yyyy p(..6or, (((( t&'n &oute&(en(b+e: $hBn# $h,$ n=4 -,c .nh &Xn# s> s] D_n# cù 2nh enable password N -,c thc t&'n inte&Pace( Vic -,c thc c thc hin bXn# 5ic so s,nh $assbo&D n# b. 4'u cIu -,c thc )ACAC6{ t&c ti'n 5= sau 1 s> s] D_n# use&naAe7$assbo&D c_c bJ n@u )ACAC6{ b. 2xi ha4 Yh3n# th!ch h$(2.1.1.2.C"p #u$%n 'Author)@(t)on*cJt Yhi use& Z c -,c thc/ th ta cIn #ii hUn nhEn# +u4?n A= hS c $h%$ s] D_n#( Ri?u 1 c thc hin th3n# +ua cù 2nh ((( (uthor)@(t)on( NhEn# #ii hUn c1 thN ,$ Ft 5=o hoUt Jn# ha4 D.ch 5_ c 4'u cIu bCi &oute&( Vi 5ic c$ thoA +u4?n/ AAA thi@t 2$ AJt subaDAinist&ato& N cho $h%$ t&u4 c$ 5=o ch@ J conPi#u&ation AoDe/nhn# 5i Yh0 n"n# 2= chd c1 thN s] D_n# AJt t$ nhv c,c 2nh c $h%$( cFc Dh c1 thN/ 5ic cu hnh &oute& s> b. hUn ch@(CV $h,$ Dhn# N c$ +u4?n Yh, Bn #i0n/ n1 -,c .nh hoUt Jn# ha4 D.ch 5_ Knetbo&Y/ e-ec/ coAAanD 2e5e2/ conPi#-coAAanD/ &e5e&se-accessM c s] D_n# cho use&( 9Un# tnn# +u,t cea cù 2nh c$ thoA +u4?n 2=:((( (uthor)@(t)on service-type p,e-(u+t q list-namer method1 fmethod2g fmethod3g fmethod4g Cù 2nh t&'n c1 W n#hGa nh sau:((( (uthor)@(t)on do-)hat* chec'-ho)* cnh ? do-what? c1 thN 2=:net6or;: thaA s* n=4 Dhn# $hBn# $h,$ chec'-ho)* N c$ +u4?n 5= thi@t 2$ c,c 4'u cIu D.ch 5_ c1 2i'n +uan @n AUn# nh 2= 6:i/ iii(eBec: thaA s* n=4 Dhn# $hBn# $h,$ chec'-ho)* N c$ +u4?n n@u use& c $h%$ tUo hoFc chU4 t&on# ch@ J ;C she22( N@u )ACAC6{ hoFc 8A9:U6 c s] D_n#/ thc1 thN cB sC DE 2iu s> t&0 5? AJt th3n# tin 5i cù 2nh t Jn# cho n# c YiNA t&a( )--(uthent)c(te,: 5i thaA s* n=4/ n@u AJt use& c -,c thc &ki/ th hS c $h%$ thi@t 2$ chHc n"n#( ChV W &Xn# C `4 Yh3n# YiNA t&a thoA +u4?n A= chd cIn use& c1 t&on# cB sC DE 2iu 2= Z $hh h$(none: 5i thaA s* n=4/ &oute& Yh3n# li hvi th3n# tin thoA +u4?n cho do-)hat*( )hoA+u4?n Yh3n# c thi@t 2$ 5= AJt cù t&u4 5n s> c #Ci @n cB sC DE 2iu(+oc(+: 5i thaA s* n=4/ &oute& hoFc access se&5e& s> YiNA t&a use&naAe7$assbo&D c cu hnh C ch@ J conPi#u&e AoDe 2u c_c bJ t&on# &oute&(r(,)u.: 5i thaA s* n=4/ thoA +u4?n 8A9:U6 s> c thc hin bXn# 5ic #n c,c thuJc t!nh cho use&naAe t&'n 8A9:U6 se&5e&( cxi use&naAe chn# 5i thuJc t!nh c 2u t&E b'n t&on# 8A9:U6 Database(;rb:-)n.t(nce: 5i thaA s* n=4/ &oute& s> t&u4 5n @n ~e&be&os se&5e& N 4'u cIu c$ thoA +u4?n( )hoA +u4?n s> c 2u t&on# ~e&be&os se&5e&(Nhn chun#/ thoA +u4?n c1 thN c=i Ft theo nhi?u c,ch( Vn ? 2= tA Yi@A -eA th] t&on# Database ha4 t=i n#u4'n n=o c1 cF$ AV ha4 thuJc t!nh N cun# c$ cho &oute& cù t&0 2

Documents

Cấu Hình Aaa