HostedDB - Dedicated UNIX Servers
index_156
Router Security Configuration Guide UNCLASSIFIED 156 UNCLASSIFIED Version 1.0g If a TACACS+ server was used in this example instead of the RADIUS server then system accounting would have also been specified.  Command level accounting could have been applied as well but would probably not be needed here. This section only provides one example for a possible network access server configuration.  Dealing with Dial-In Users is far to complex a subject to be dealt with in depth in this document.  Please see Cisco's "Dial Solutions Configuration Guide" for more details. 4.6.4.   Security Server Protocols In Cisco routers and network access servers, AAA is the mechanism used to establish communications with security servers.  Cisco supported security servers are RADIUS, TACACS+, and Kerberos.  Security servers are important to Cisco network gear when centralized administration is required or when authorization and accounting services are needed. RADIUS Remote Authentication Dial In User Service (RADIUS) is an IETF proposed standard (RFC2865) for securing network components against unauthorized access.   RADIUS is a distributed client/server based architecture used to pass security information between access points and a centralized server.  RADIUS protects the communications using a shared secret.  RADIUS can be used to provide authentication, authorization, and accounting services.  RADIUS was designed with Dial In access control in mind and the accounting features are very flexible along these lines.  However Cisco's RADIUS client does not support auditing of command or system events on the router or network access server. As a minimum when setting up a RADIUS server on a Cisco device the host address and shared secret must be configured as well as turning on and configuring AAA on the device.  This is accomplished using the commands listed: § radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] command specifies the radius server's hostname or IP address and the ports to use for authentication (authorization) and accounting. § radius-server key string sets the RADIUS server shared encryption key.    The shared secret key should be at least 16 characters long and follow the other rules for a good password as described in Section 4.1.4. For a complete list of RADIUS router configuration commands see the "RADIUS Commands" section in the "Security Command Reference".  Simple example for Central: Central(config)# radius-server host 14.2.6.18