AAA & Q

  • 8/3/2019 AAA & Q

    1/57

    Cisco Access Control Solutions Overview

  • 2/57

    Basic Security Devices and Router Security

  • 3/57

    Cisco Security Options Overview

  • 4/57

    CiscoSecure ACS Overview

  • 5/57

    CiscoSecure ACS Components

  • 6/57

    GUI Client Supported

  • 7/57

    Understanding and Configuring AAA

  • 8/57

    AAA Definition

    1. Authentication

    Who are you?

    2. Authorization

    What can you do?

    3. Accounting

    What did you do and how long did you do it?

  • 9/57

    Router Access Modes

    Modes | Router Ports | AAA Command Element
    Character mode (line mode or interactive login) | tty, vty, aux, con | login, exec, connection, enable, command
    Packet mode (interface mode or link protocol session) | async, group-async, BRI, PRI, serial, dialer profiles, dialer rotaries | ppp, network

  • 10/57

    AAA Protocols

  • 11/57

    Enabling AAA and Identifying the Server

    Router(config)#aaa new-model

    Router(config)#tacacs-server host [single-connection]

    Router(config)#tacacs-server key

    Router(config)#radius-server host

    Router(config)#radius-server key

  • 12/57

    AAA Authentication Commands

    Router(config)#aaa authentication login

    group method 2..

  • 13/57

    Character Mode Login Example

  • 14/57

    AAA Authorization Commands

  • 15/57

    Character Mode with Authorization Example

  • 16/57

    Packet Mode Example

    hyderabad(config)#aaa authentication login default tacacs+ local

    hyderabad(config)#aaa authentication ppp default tacacs+

    hyderabad(config-if)#ppp authentication chap

  • 17/57

    AAA Accounting Commands

  • 18/57

    Queuing Overview

  • 19/57

    Queuing Overview

  • 20/57

    Effective Use of Traffic Prioritization

  • 21/57

    Establishing a Queuing Policy

  • 22/57

    Choosing a Cisco IOS Queuing Option

  • 23/57

    Configuring Weighted Fair Queuing

  • 24/57

    Data Stream Classification

  • 25/57

    Weighted Fair Queuing Operation

  • 26/57

    Weighted Fair Queuing Operation (Cont.)

  • 27/57

    Weighted Fair Queuing Operation (Cont.)

  • 28/57

    Configuring Weighted Fair Queuing

  • 29/57

    Weighted Fair Queue Example

  • 30/57

    Priority Queuing

  • 31/57

    Priority Queuing

    Provides absolute control over throughput

    Utilizes four queues with fixed lengths

    High, medium, normal, and low

    FIFO is used within the queues

  • 32/57

    Priority Queuing

    High (20)

    Full use of bandwidth until queue is empty

    Will not be used as a solution in high congestion areas

    Medium (40)

    After high queue is empty, medium is flushed in a similar fashion

  • 33/57

    Priority Queuing

    Normal (60)

    Emptied after a second check of the high queue

    Low (80)

    Emptied after a third check of the high queue, followed by medium and normal
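
An added example, not part of the original slides: a small Python model of the scheduler the Priority Queuing slides describe, using the queue lengths 20/40/60/80 shown there. The class and function names, the per-tick traffic load and the per-packet rescan rule are assumptions made for illustration; the run shows the low queue starving and tail-dropping when the high queue always has a packet waiting.

```python
from collections import deque

# Service order and fixed queue lengths as given on the slides.
ORDER = ["high", "medium", "normal", "low"]
LIMITS = {"high": 20, "medium": 40, "normal": 60, "low": 80}

class PriorityQueuing:
    """Toy model of the scheduler (illustrative, not Cisco code)."""

    def __init__(self, limits=LIMITS):
        self.limits = dict(limits)
        self.queues = {name: deque() for name in ORDER}
        self.sent = {name: 0 for name in ORDER}
        self.dropped = {name: 0 for name in ORDER}

    def enqueue(self, name, packet):
        # Fixed-length queue: a packet arriving at a full queue is dropped.
        if len(self.queues[name]) >= self.limits[name]:
            self.dropped[name] += 1
            return False
        self.queues[name].append(packet)
        return True

    def dequeue(self):
        # Modelled rule: rescan from "high" before every packet; FIFO within a queue.
        for name in ORDER:
            if self.queues[name]:
                self.sent[name] += 1
                return name, self.queues[name].popleft()
        return None

def simulate(arrivals_per_tick, ticks, link_rate=1):
    """Constructed load: arrivals_per_tick maps queue name -> packets per tick;
    link_rate is how many packets the interface can send per tick."""
    pq = PriorityQueuing()
    for tick in range(ticks):
        for name, count in arrivals_per_tick.items():
            for seq in range(count):
                pq.enqueue(name, (tick, seq))
        for _ in range(link_rate):
            pq.dequeue()
    return pq

if __name__ == "__main__":
    for rate in (1, 2):  # congested link, then a link with spare capacity
        pq = simulate({"high": 1, "low": 1}, ticks=200, link_rate=rate)
        print(f"link_rate={rate} sent={pq.sent} dropped={pq.dropped}")
```

With `link_rate=1` the high queue consumes every transmit slot, so the low queue fills to its limit and drops the rest; with `link_rate=2` both classes are served in full.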

  • 34/57

    Priority Configuration

  • 35/57

    Priority Configuration

    May assign individual protocols to certain queues

    Use standard or extended lists to define traffic types for each queue

    Use the priority-list command

    Read in order, similar to access lists

  • 36/57

    Priority Configuration

    Steps

    Define specific access lists (if needed)

    Create the priority list

    Apply the list to the interface

    Verify the queuing process (show queueing priority)

  • 37/57

  • 38/57

    Configuring Class-Based Weighted Fair Queuing

  • 39/57

    Configuring Class-Based Weighted Fair Queuing

  • 40/57

    Class-Based Weighted Fair Queuing

  • 41/57

    CBWFQ vs Flow-Based WFQ

    CBWFQ provides for up to 64 classes; CBWFQ allows for coarser granularity.

    Multiple IP flows can belong to a single class.

  • 42/57

    CBWFQ and Tail Drops

  • 43/57

    Using WRED to Avoid Tail Drops

  • 44/57

    Configuring CBWFQ Step 1

  • 45/57

    Configuring CBWFQ with Tail Drop Step 2

  • 46/57

    Configuring CBWFQ with WRED Step 2

  • 47/57

    Configuring CBWFQ default class Step 2

  • 48/57

    Configuring CBWFQ Step 3

  • 49/57

    CBWFQ Queuing Example

  • 50/57

    CBWFQ Queuing Example (Cont.)

  • 51/57

    Configuring Low Latency Queuing (LLQ)

  • 52/57

    Low Latency Queuing

  • 53/57

    Configuring Low Latency Queuing

  • 54/57

    Verifying Queuing Operation

  • 55/57

    Verifying Queuing Operation

  • 56/57

    Queuing Comparison Summary

  • 57/57

    Queuing Comparison Summary (Cont.)