This shows you the differences between two versions of the page.
aaa [2013/10/07 15:40] val [Authentication using RADIUS] |
aaa [2020/02/28 12:31] val [Authentication using RADIUS] |
||
---|---|---|---|
Line 37: | Line 37: | ||
login authentication CONSOLE | login authentication CONSOLE | ||
authorization exec CONSOLE | authorization exec CONSOLE | ||
+ | privilege level 15 | ||
</code> | </code> | ||
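Review bot: the added `privilege level 15` makes level 15 the default for the whole console line, so a session starts fully privileged whenever exec authorization does not supply a level of its own. The line already carries `authorization exec CONSOLE`, so consider letting that method list assign the level per user, or add a sentence saying why the line-wide default is needed here.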
Line 63: | Line 64: | ||
</code><code> | </code><code> | ||
server# telnet switch | server# telnet switch | ||
+ | или | ||
+ | server# ssh user1@switch1 | ||
... | ... | ||
switch# show privilege | switch# show privilege | ||
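Review bot: the added `ssh user1@switch1` line uses the host name `switch1`, while the `telnet switch` line just above it uses `switch`; use one name so the reader knows both commands reach the same device. Since telnet sends the login in cleartext, it would also be worth listing the ssh form first.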
Line 72: | Line 75: | ||
=== Настройка клиента RADIUS === | === Настройка клиента RADIUS === | ||
<code> | <code> | ||
- | ;radius-server host server auth-port 1812 acct-port 1813 | + | radius-server host server auth-port 1812 acct-port 1813 |
- | ;radius-server host mgmt auth-port 1812 acct-port 1813 | + | |
radius-server key testing123 | radius-server key testing123 | ||
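Review bot: removing the leading `;` from the `radius-server host server ...` line makes this block ready to paste as is, with `radius-server key testing123` directly below it. Add a remark that `testing123` is a lab-only shared secret that must be replaced, and say whether dropping the second host (`mgmt`) is intentional, since the example now has no fallback RADIUS server.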
Line 84: | Line 86: | ||
aaa authorization exec default local none | aaa authorization exec default local none | ||
</code> | </code> | ||
+ | |||
+ | === Использование RADIUS для авторизации telnet подключений ===== | ||
+ | <code> | ||
+ | aaa authorization exec default group radius none | ||
+ | </code> | ||
+ | |||
=== Использование RADIUS для протокола 802.1x ===== | === Использование RADIUS для протокола 802.1x ===== | ||
+ | |||
+ | [[http://open1x.sourceforge.net/]] | ||
+ | |||
<code> | <code> | ||
aaa authentication dot1x default group radius | aaa authentication dot1x default group radius | ||
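Review bot: in the added `aaa authorization exec default group radius none`, the trailing `none` means exec authorization is skipped when the RADIUS server does not answer, so the session is granted without any authorization check. Consider `group radius local` as the fallback, or state explicitly that `none` is a deliberate choice to avoid lockout. The new heading mentions only telnet, but a `default` list is not telnet-specific, and it opens with `===` while closing with `=====`.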
Line 105: | Line 116: | ||
aaa authorization exec default group tacacs+ none | aaa authorization exec default group tacacs+ none | ||
+ | |||
+ | aaa accounting commands 15 default start-stop group tacacs+ | ||
</code> | </code> | ||
+ | |||
+ | ===== Дополнительные материалы ===== | ||
+ | |||
+ | * [[http://ciscomaster.ru/content/access-delegate-rbac|Делегирование прав доступа к консоли или Role-Based Access Control (RBAC)]] | ||
+ | * [[http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html|Role-Based CLI Access]] | ||
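Review bot: the added `aaa accounting commands 15 default start-stop group tacacs+` records only level 15 commands, so commands run at lower privilege levels and the exec sessions themselves are not accounted. If the goal is an audit trail, add matching lines for the other levels in use and for exec, or note that only level 15 is covered. The two new links are plain `http://`; use `https://` where the sites support it.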