Cisco Access Control Solutions Overview

Basic Security Devices and Router Security

Cisco Security Options Overview

CiscoSecure ACS Overview

CiscoSecure ACS Components

GUI Client Supported

Understanding and Configuring AAA

AAA Definition

1. Authentication: Who are you?
2. Authorization: What can you do?
3. Accounting: What did you do and how long did you do it?

Router Access Modes

Character mode (line mode or interactive login)
Router ports: tty, vty, aux, con
AAA command elements: login, exec, connection, enable, command

Packet mode (interface mode or link protocol session)
Router ports: async, group-async, BRI, PRI, serial, dialer profiles, dialer rotaries
AAA command elements: ppp, network

AAA Protocols

Enabling AAA and Identifying the Server


Router(config)# aaa new-model

Router(config)# tacacs-server host <ip of server> [single-connection]
Router(config)# tacacs-server key <key>

Router(config)# radius-server host <ip of server>
Router(config)# radius-server key <key>

AAA Authentication Commands


Router(config)# aaa authentication login <default| word> group <tacacs+| radius> method 2..

Character Mode Login Example

AAA Authorization Commands

Character Mode with Authorization Example

Packet Mode Example

hyderabad(config)#aaa authentication login default tacacs+ local
hyderabad(config)#aaa authentication ppp default tacacs+
hyderabad(config-if)#ppp authentication chap

AAA Accounting Commands

Queuing Overview

Effective Use of Traffic Prioritization

Establishing a Queuing Policy

Choosing a Cisco IOS Queuing Option

Configuring Weighted Fair Queuing

Data Stream Classification

Weighted Fair Queuing Operation

Weighted Fair Queuing Operation (Cont.)

Weighted Fair Queuing Operation (Cont.)

Configuring Weighted Fair Queuing

Weighted Fair Queue Example

Priority Queuing

Provides absolute control over throughput
Utilizes four queues with fixed lengths
High, medium, normal, and low
FIFO is used within the queues

High (20)
Full use of bandwidth until queue is empty
Will not be used as a solution in high congestion areas

Medium (40)
After high queue is empty, medium is flushed in a similar fashion

Normal (60)
Emptied after a second check of the high queue

Low (80)
Emptied after a third check of the high queue, followed by medium and normal

Priority Configuration

May assign individual protocols to certain queues
Use standard or extended lists to define traffic types for each queue
Use the priority-list command
Read in order, similar to access lists

Steps
1. Define specific access lists (if needed)
2. Create the priority list
3. Apply the list to the interface
4. Verify the queuing process (show queueing priority)

Configuring Class-Based Weighted Fair Queuing

Class-Based Weighted Fair Queuing

CBWFQ vs Flow-Based WFQ

CBWFQ provides for up to 64 classes; CBWFQ allows for coarser granularity. Multiple IP flows can belong to a single class.

CBWFQ and Tail Drops

Using WRED to Avoid Tail Drops

Configuring CBWFQ: Step 1

Configuring CBWFQ with Tail Drop: Step 2

Configuring CBWFQ with WRED: Step 2

Configuring CBWFQ default class: Step 2

Configuring CBWFQ: Step 3

CBWFQ Queuing Example

CBWFQ Queuing Example (Cont.)

Configuring Low Latency Queuing (LLQ)

Low Latency Queuing

Configuring Low Latency Queuing

Verifying Queuing Operation

Queuing Comparison Summary

Queuing Comparison Summary (Cont.)
