
UNIVERSIDAD POLITÉCNICA SALESIANA

ELECTRONIC ENGINEERING PROGRAM

ELECTIVE II
9TH G2

Team members: Cahueñas Juan
Lizarzaburu Jonathan
Carrera Adrián

Topic #3: Authentication, Authorization and Accounting
SERVER-BASED AAA CHARACTERISTICS
INTRODUCING CISCO SECURE ACCESS CONTROL SERVER

Compatibility:

Terminal Access Controller Access-Control System Plus (TACACS+)
Remote Authentication Dial-In User Service (RADIUS)
SERVER-BASED AAA COMMUNICATION PROTOCOLS
INTRODUCING TACACS+ AND RADIUS

TACACS+ Features

Separates AAA according to its architecture
Mostly Cisco supported
TCP as transport protocol (port 49)
Bidirectional challenge and response, as used in CHAP
Multiprotocol support
Entire packet encrypted for confidentiality
Provides authorization of router commands for customization
Limited accounting
SERVER-BASED AAA COMMUNICATION PROTOCOLS
INTRODUCING TACACS+ AND RADIUS

RADIUS Features

Combines authentication and authorization, but separates accounting
Open/RFC standard
UDP as transport protocol
Unidirectional challenge
No ARA, no NetBEUI
Password encrypted
Has no option to authorize router commands for customization
Extensive accounting
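
The two confidentiality bullets above ("Entire packet encrypted" for TACACS+, "Password encrypted" for RADIUS), shown as an added example that is not part of the original slides: it implements the RADIUS User-Password hiding of RFC 2865 and the TACACS+ body obfuscation of RFC 8907 (the 12-byte TACACS+ header itself travels in clear). The shared secret, authenticator, user name, password and the simplified TACACS+ body are constructed sample values.

```python
import hashlib
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: hide only the User-Password attribute value."""
    blocks = max(1, -(-len(password) // 16))      # at least one 16-byte block
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev                               # ciphertext block feeds the next pad
    return out

def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the same pads from the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def tacacs_obfuscate_body(body: bytes, key: bytes, session_id: int,
                          version: int, seq_no: int) -> bytes:
    """RFC 8907 sec. 4.5: XOR the whole body with a chained MD5 pad.
    Applying it twice with the same inputs restores the body."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < len(body):
        last = hashlib.md5(prefix + last).digest()
        pad += last
    return _xor(body, pad)

# Constructed sample values (assumptions for this example, not from the slides).
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))                  # RADIUS Request Authenticator
USER, PASSWORD = b"alice", b"Sup3r-long-passphrase!"

def demo() -> dict:
    hidden = radius_hide_password(PASSWORD, SECRET, AUTHENTICATOR)
    # RADIUS attributes: User-Name (type 1) in clear, User-Password (type 2) hidden.
    radius_attrs = (b"\x01" + bytes([len(USER) + 2]) + USER
                    + b"\x02" + bytes([len(hidden) + 2]) + hidden)
    # Simplified stand-in for a TACACS+ authentication body: all of it is obfuscated.
    tac_body = tacacs_obfuscate_body(USER + PASSWORD, SECRET, 0x1234ABCD, 0xC0, 1)
    return {"radius_user_visible": USER in radius_attrs,
            "radius_pw_visible": PASSWORD in radius_attrs,
            "tacacs_user_visible": USER in tac_body, "hidden_len": len(hidden)}
```

Both mechanisms derive their pad from MD5 and the shared secret, so the secret configured on the AAA client and on the server is what protects the credentials in transit.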
SERVER-BASED AAA COMMUNICATION PROTOCOLS
TACACS+ AUTHENTICATION

TACACS+: New Protocol
Incompatible with any previous version of TACACS
SERVER-BASED AAA COMMUNICATION PROTOCOLS
RADIUS AUTHENTICATION
Is an open IETF standard AAA protocol.
Works in both local and roaming situations.
Used for accounting purposes.
Hides passwords during transmission.
Combines authentication and authorization as one process.
Used by VoIP service providers.
CISCO SECURE ACS
TACACS+ AND RADIUS WITH CISCO SECURE ACS

Cisco Secure ACS for Windows Server
Offers AAA for both TACACS+ and RADIUS

Solution
Extends access security
Allows greater flexibility and mobility
Enforces a uniform security policy for all users
Reduces the administrative and management
CISCO SECURE ACS
CISCO SECURE ACS FEATURES

Automatic service monitoring
Database synchronization
Importing of tools for large-scale deployments
Lightweight Directory Access Protocol (LDAP)
User and administrative access reporting
Restrictions to network
User and device group profiles
CISCO SECURE ACS
CISCO SECURE ACS AS A TRUSTSEC COMPONENT

Cisco Secure ACS: CORE COMPONENT of Cisco TrustSec

TRUSTSEC PRODUCTS
Cisco Network Admission Control (NAC)
Cisco NAC Guest Server
Cisco NAC Profiler
Cisco Secure ACS
CISCO SECURE ACS
CISCO SECURE ACS HIGH PERFORMANCE AND SCALABILITY

FEATURES

Ease of use
Scalability
Extensibility
Management
Administration
Product flexibility

REQUIREMENTS

Cisco devices must be configured with TACACS+, RADIUS, or both.
Dial-in, VPN, or wireless clients must be able to connect to the applicable AAA clients.
The computer must be able to reach all AAA clients using ping.
A supported web browser must be installed on the computer.
All NICs must be enabled.
CONFIGURING CISCO SECURE ACS
CISCO SECURE ACS HOMEPAGE

1. Network Configuration
2. Add entry
3. Enter Client's Host Name
4. Enter IP
5. Enter secret password
6. Choose Protocol
7. Submit and Apply
CONFIGURING CISCO SECURE ACS
CISCO SECURE ACS DATABASES
Can be configured to forward authentication of users to one or more external user databases.
Cisco Secure ACS does not require duplicate user entries.
Access to the External User Databases page is necessary.

THREE MAJOR OPTIONS:

1. Unknown User Policy
2. Database Group
3. Database Configuration
CONFIGURING CISCO SECURE ACS
CISCO SECURE ACS

It can be configured to authenticate users in one of two ways:

By specific user assignment
By unknown user policy

CISCO SECURE ACS GROUP SETUP

Used to place users in different groups. Windows server and LDAP server
Configures which router commands the users in a group can execute.
CONFIGURING CISCO SECURE ACS USERS AND GROUPS
CISCO SECURE ACS USER SETUP
3.4 SERVER-BASED AAA AUTHENTICATION

Server-based AAA must identify various TACACS+ and RADIUS servers

STEPS

1. Enable AAA
2. Specify the IP address of the ACS server
3. Configure the secret key
4. Configure authentication to use a RADIUS or TACACS+ server
THANK YOU!

ANY QUESTIONS?