Radius Server; Ldap Directory Server - Cisco 4700M Configuration Manual

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide, page 2-6

AAA Overview
The TACACS+ protocol encrypts the user password information using the MD5 encryption algorithm and adds a TACACS+ packet header. This header information identifies the packet type being sent (for example, an authentication packet), the packet sequence number, the encryption type being used, and the total packet length. The TACACS+ protocol forwards the packet to the TACACS+ server.

To maintain security between the ACE and the TACACS+ server, you can specify an encryption key (shared secret) for all communication between the ACE and the TACACS+ server. For correct operation, you must specify the identical encryption key on both the ACE and the TACACS+ server.
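The header fields and the key-based body protection described above, as an added Python example that is not Cisco's code and is not taken from this guide. It follows the TACACS+ packet layout and MD5 pseudo-pad obfuscation as later documented in RFC 8907 (the guide itself cites no RFC for TACACS+); the key, session ID and authentication START body are constructed values. The point it makes is the one the text makes: a receiver can only recover the body under the identical key, and a parser should validate version, type, sequence number and the length field before it trusts anything in the body.

```python
import hashlib
import struct

# TACACS+ header (RFC 8907 s4.1): version, type, seq_no, flags, session_id, length.
HEADER = struct.Struct("!BBBBII")
MAJOR_VERSION = 0xC
TYPE_NAMES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}
FLAG_UNENCRYPTED = 0x01   # body sent in the clear; intended only for test setups
FLAG_SINGLE_CONNECT = 0x04


def pseudo_pad(key, version, seq_no, session_id, length):
    """Keystream: chained MD5(session_id + key + version + seq_no [+ previous digest])."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(key, version, seq_no, session_id, body):
    """Body protection is XOR with the pad, so one call both obfuscates and recovers."""
    pad = pseudo_pad(key, version, seq_no, session_id, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(key, ptype, seq_no, session_id, body, flags=0, minor_version=0):
    """Sender side: header carries type, sequence number, flags and the body length."""
    version = (MAJOR_VERSION << 4) | minor_version
    if flags & FLAG_UNENCRYPTED:
        payload = body
    else:
        if not key:
            raise ValueError("a shared key is required unless FLAG_UNENCRYPTED is set")
        payload = xor_body(key, version, seq_no, session_id, body)
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + payload


def parse_packet(key, data, expected_seq=None):
    """Receiver side: validate every header field, then recover the body under `key`."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if version >> 4 != MAJOR_VERSION:
        raise ValueError(f"unsupported major version {version >> 4:#x}")
    if ptype not in TYPE_NAMES:
        raise ValueError(f"unknown packet type {ptype}")
    if HEADER.size + length != len(data):
        raise ValueError("length field does not match the bytes received")
    if expected_seq is not None and seq_no != expected_seq:
        raise ValueError(f"sequence number {seq_no}, expected {expected_seq}")
    payload = data[HEADER.size:]
    unencrypted = bool(flags & FLAG_UNENCRYPTED)
    body = payload if unencrypted else xor_body(key, version, seq_no, session_id, payload)
    return {"type": TYPE_NAMES[ptype], "seq_no": seq_no, "session_id": session_id,
            "unencrypted": unencrypted,
            "single_connect": bool(flags & FLAG_SINGLE_CONNECT), "body": body}


# Constructed sample (not captured traffic): an authentication START body with
# action=LOGIN, priv_lvl=0, authen_type=ASCII, service=LOGIN, user "alice", port "console0".
SAMPLE_KEY = b"constructed-tacacs-key"
SAMPLE_BODY = struct.pack("!BBBBBBBB", 1, 0, 1, 1, 5, 8, 0, 0) + b"alice" + b"console0"


def demo():
    """Same key recovers the body; a mismatched key yields garbage."""
    pkt = build_packet(SAMPLE_KEY, 1, 1, 0x1234ABCD, SAMPLE_BODY)
    good = parse_packet(SAMPLE_KEY, pkt, expected_seq=1)["body"] == SAMPLE_BODY
    bad = parse_packet(b"mismatched-key", pkt, expected_seq=1)["body"] == SAMPLE_BODY
    return good, bad


if __name__ == "__main__":
    print(demo())
```

Because the body is XORed with a keystream, the wrong key does not produce an error, only an unreadable body; a real server notices the mismatch when the recovered field lengths no longer add up, which is why the length checks in `parse_packet` matter.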
RADIUS Server

RADIUS is a client-server access protocol that is used by the NAS to authenticate users attempting to connect to the ACE. The NAS functions as a client, passing user information to one or more RADIUS servers. The NAS permits or denies network access to a user based on the response that it receives from a RADIUS server. RADIUS uses UDP for connectionless transport between the RADIUS client and server. For more information about how the RADIUS protocol operates, see RFC 2138.

To maintain security between the ACE and the RADIUS server, you can specify an encryption key (shared secret) for all communication between the ACE and the RADIUS server. For correct operation, you must specify the identical encryption key on both the ACE and the RADIUS server.
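The NAS-to-server exchange and the shared-secret requirement above, as an added Python example that is not Cisco's code and is not taken from this guide. It follows RFC 2865 (the successor to the RFC 2138 cited above; the User-Password hiding and Response Authenticator computations are the same in both). The user, password, key and packet identifier are constructed values. It shows why the key must be identical on both ends: with a mismatched key the server cannot recover the User-Password, and the client cannot validate the Response Authenticator on the reply, so it has to treat the reply as if none arrived.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and attribute types used here (RFC 2865 values).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; then a 16-byte Authenticator


def encode_attrs(attrs):
    """Encode (type, value) pairs as TLVs; the length byte covers the 2-byte header too."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value longer than 253 bytes")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def decode_attrs(data):
    """Inverse of encode_attrs; rejects truncated or zero-length TLVs."""
    attrs = []
    while data:
        if len(data) < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[0], data[1]
        if length < 2 or length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, data[2:length]))
        data = data[length:]
    return attrs


def hide_password(secret, request_auth, password):
    """User-Password hiding (RFC 2865 s5.2): pad to 16-byte blocks, XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    size = max(16, ((len(password) + 15) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(secret, request_auth, hidden):
    """Server side of hide_password; only meaningful under the same shared secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def response_authenticator(secret, code, ident, request_auth, attrs):
    """RFC 2865 s3: MD5(reply header + Request Authenticator + reply attributes + secret)."""
    header = HEADER.pack(code, ident, HEADER.size + 16 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def client_access_request(secret, ident, username, password):
    """NAS side: Access-Request with a fresh random Request Authenticator."""
    request_auth = os.urandom(16)
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, hide_password(secret, request_auth, password))])
    header = HEADER.pack(ACCESS_REQUEST, ident, HEADER.size + 16 + len(attrs))
    return header + request_auth + attrs, request_auth


def server_reply(secret, request, users):
    """Server side: recover the password under its own secret, decide, sign the reply."""
    code, ident, length = HEADER.unpack_from(request)
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    request_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    password = reveal_password(secret, request_auth, attrs.get(ATTR_USER_PASSWORD, b""))
    reply_code = ACCESS_ACCEPT if users.get(attrs.get(ATTR_USER_NAME)) == password else ACCESS_REJECT
    auth = response_authenticator(secret, reply_code, ident, request_auth, b"")
    return HEADER.pack(reply_code, ident, HEADER.size + 16) + auth


def client_verify(secret, reply, request_auth):
    """NAS side: trust the reply code only if the Response Authenticator verifies."""
    code, ident, length = HEADER.unpack_from(reply)
    if length != len(reply):
        return None
    expected = response_authenticator(secret, code, ident, request_auth, reply[20:length])
    if not hmac.compare_digest(expected, reply[4:20]):
        return None  # not authenticated under our secret: treat as no answer at all
    return code


def demo():
    """Constructed data: one user, one shared key; then a mismatched key and a bad password."""
    users, shared = {b"alice": b"s3cret"}, b"constructed-shared-key"
    req, ra = client_access_request(shared, 7, b"alice", b"s3cret")
    matched = client_verify(shared, server_reply(shared, req, users), ra)
    mismatched = client_verify(shared, server_reply(b"other-key", req, users), ra)
    req2, ra2 = client_access_request(shared, 8, b"alice", b"wrong")
    rejected = client_verify(shared, server_reply(shared, req2, users), ra2)
    return matched, mismatched, rejected  # (ACCESS_ACCEPT, None, ACCESS_REJECT)
```

The `None` result for the mismatched key is the operational symptom of a typo in the shared secret on one side: the NAS sees the server as unresponsive rather than as rejecting the user, which is worth remembering when troubleshooting AAA timeouts.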
LDAP Directory Server

LDAP is an open-standard client-server authentication protocol for accessing X.500 Directory Access Protocol (DAP) directory services. LDAP runs over TCP/IP or other connection-oriented transfer services. The ACE supports only LDAP version 3 for simple authentication and search operations. For more information about how the LDAP protocol operates, see RFC 2251.

The LDAP information model is based on entries. An entry is a collection of attributes that has a globally unique distinguished name (DN). The DN is used in the LDAP database to refer to an entry. Each entry contains one or more attributes that describe the entry, and each attribute has a type and one or more values. The types are mnemonic strings, such as "cn" for a common name, or "mail" for an e-mail address.
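The LDAP information model described above, as an added Python example that is not Cisco's code and is not taken from this guide: a DN string parser, an entry type with multi-valued attributes, and a small in-memory directory that enforces the globally unique DN rule and supports a subtree search. DN string syntax follows RFC 4514 (only ASCII-range hex escapes are handled); the entries, names and e-mail addresses are constructed.

```python
SPECIALS = ',+"\\<>;=# '  # characters that must be backslash-escaped inside a DN value


def parse_dn(dn):
    """Parse a string DN into RDNs, most specific first. Each RDN is a list of
    (type, value) pairs so multi-valued RDNs ('cn=a+sn=b') are represented too."""
    rdns, rdn, attr_type, buf, i = [], [], None, "", 0
    while i < len(dn):
        c = dn[i]
        if c == "\\":
            if i + 1 < len(dn) and dn[i + 1] in SPECIALS:
                buf, i = buf + dn[i + 1], i + 2
            elif i + 2 < len(dn):
                buf, i = buf + chr(int(dn[i + 1:i + 3], 16)), i + 3  # \XX, ASCII range only
            else:
                raise ValueError("dangling escape at end of DN")
            continue
        if c == "=" and attr_type is None:
            attr_type, buf = buf.strip().lower(), ""
            if not attr_type:
                raise ValueError(f"empty attribute type before position {i}")
        elif c in ",+":
            if attr_type is None:
                raise ValueError(f"RDN component without '=' before position {i}")
            rdn.append((attr_type, buf))
            attr_type, buf = None, ""
            if c == ",":
                rdns.append(rdn)
                rdn = []
        else:
            buf += c
        i += 1
    if attr_type is None:
        raise ValueError("DN does not end with a complete type=value pair")
    rdn.append((attr_type, buf))
    rdns.append(rdn)
    return rdns


def normalize(rdns):
    """Canonical form for DN comparison: order-insensitive within an RDN and
    case-insensitive types and values (an approximation of caseIgnoreMatch)."""
    return tuple(tuple(sorted((t.lower(), v.lower()) for t, v in rdn)) for rdn in rdns)


class Entry:
    """One directory entry: a DN plus attributes, each holding one or more values."""

    def __init__(self, dn, **attrs):
        self.dn = dn
        self.rdns = parse_dn(dn)
        self.attrs = {}
        for attr_type, values in attrs.items():
            values = values if isinstance(values, (list, tuple)) else [values]
            self.attrs.setdefault(attr_type.lower(), []).extend(values)

    def values(self, attr_type):
        return self.attrs.get(attr_type.lower(), [])


class Directory:
    """In-memory directory keyed by normalized DN, so two spellings of one DN collide."""

    def __init__(self):
        self.entries = {}

    def add(self, entry):
        key = normalize(entry.rdns)
        if key in self.entries:
            raise ValueError(f"duplicate DN: {entry.dn}")
        self.entries[key] = entry
        return entry

    def lookup(self, dn):
        return self.entries.get(normalize(parse_dn(dn)))

    def search(self, base_dn, attr_type, value):
        """Subtree search: entries at or under base_dn whose attr_type holds value."""
        base = normalize(parse_dn(base_dn))
        return [e for key, e in self.entries.items()
                if len(key) >= len(base) and key[len(key) - len(base):] == base
                and value.lower() in (v.lower() for v in e.values(attr_type))]


def demo():
    """Constructed sample directory: two containers and one person with two mail values."""
    d = Directory()
    d.add(Entry("dc=example,dc=com", objectClass="domain", dc="example"))
    d.add(Entry("ou=People,dc=example,dc=com", objectClass="organizationalUnit", ou="People"))
    d.add(Entry("cn=Smith\\, John,ou=People,dc=example,dc=com",
                objectClass=["person", "inetOrgPerson"], cn="Smith, John",
                mail=["jsmith@example.com", "john.smith@example.com"]))
    hits = d.search("ou=People,dc=example,dc=com", "mail", "JSMITH@example.com")
    try:  # same DN, different spacing and case: must be rejected as a duplicate
        d.add(Entry("CN=smith\\, john, OU=people, DC=example, DC=com", cn="dup"))
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return [h.dn for h in hits], duplicate_rejected
```

The normalization step is the security-relevant part when a directory is used for authentication: if two differently spelled DNs were allowed to coexist, a bind against one could silently resolve to the other entry's credentials or group membership.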
Chapter 2, Configuring Authentication and Accounting Services (OL-16202-01)