Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
authorization methods will be applied. In this case we are particularly
interested in turning on network authorization.
• aaa accounting {system | network | exec | connection | commands level} {default | list-name} {start-stop | wait-start | stop-only | none} method-list turns on AAA's accounting services for the specified accounting type. For dial-in users, network needs to be used.
• The aaa processes number command specifies the number of background processes to start to handle concurrent authentication and authorization requests.
• (interface): The ppp authentication {pap | chap | pap chap | chap pap} [if-needed] {default | list-name} [callin] [one-time] command enables PAP, CHAP, or both forms of authentication on the selected interface.
• (interface): The ppp authorization {default | list-name} command applies a PPP authorization list to the selected interface.
• (interface): The ppp accounting [default | list-name] command applies accounting methods to the PPP service on the selected interface.
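The interface-level ppp commands above name method lists, and each name has to match a list defined by a global aaa command. The Python check below is an added example, not part of the guide: it flags PPP interfaces that lack one of the three ppp commands or that reference an undefined list. The sample configuration, its list names (dialin, remote-users) and the audit function are constructed for illustration, and it assumes PPP lists are defined with aaa authentication ppp, aaa authorization network and aaa accounting network.

```python
import re
# Constructed sample config (not from the guide); list names are hypothetical.
SAMPLE_CONFIG = """\
aaa authentication ppp dialin group radius local
aaa authorization network default group radius
aaa accounting network default start-stop group radius
interface Async1
 encapsulation ppp
 ppp authentication chap dialin
 ppp authorization default
 ppp accounting default
interface Async2
 encapsulation ppp
 ppp authentication chap pap remote-users
 ppp authorization default
"""
# Tokens on a "ppp authentication" line that are not a method-list name.
KEYWORDS = {"pap", "chap", "ms-chap", "if-needed", "callin", "one-time", "optional"}
SERVICES = ("authentication", "authorization", "accounting")

def audit(config):
    """Return (interface, finding) pairs for PPP interfaces lacking usable AAA lists."""
    defined = {svc: set() for svc in SERVICES}
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends the interface block
            current = None
        m = re.match(r"aaa (authentication ppp|authorization network|accounting network) (\S+)", line)
        if m:                            # global definition of a PPP-related method list
            defined[m.group(1).split()[0]].add(m.group(2))
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], {})
        elif current is not None:
            m = re.match(r"ppp (authentication|authorization|accounting)\b(.*)", line)
            if m:                        # no list name on the line means "default"
                names = [t for t in m.group(2).split() if t not in KEYWORDS]
                current[m.group(1)] = names[0] if names else "default"
            elif line == "encapsulation ppp":
                current["ppp"] = True
    findings = []
    for name, intf in interfaces.items():
        for svc in SERVICES if intf.get("ppp") else ():
            if svc not in intf:
                findings.append((name, f"no ppp {svc} applied"))
            elif intf[svc] not in defined[svc]:
                findings.append((name, f"ppp {svc} list '{intf[svc]}' not defined"))
    return findings
```

On the sample, Async1 passes and Async2 is reported twice: its authentication list is never defined and no accounting list is applied.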
The example below gives one potential application of AAA services for dealing with
dial-in services (Note: this example is not complete). Figure 4-9 shows the relevant
portion of the network, and the configuration for East is shown after it.
[Figure: network diagram. Labels: Facility Network 14.1.0.0/16; router East (eth 0, eth 1, net access; 14.1.1.20/16, 14.2.6.250/24); LAN 1 14.2.6.0/24 with User Host 14.2.6.6/24 and Authentication Server 14.2.6.18/24; Remote Host and modems connected through the Telephone Network; router Central (eth 0/0, eth 0/1; 14.2.9.250/24, 14.1.15.250/16); LAN 2 14.2.9.0/24.]
Figure 4-10: Router East in the Network