
Radius based ssh authentication

Radius based ssh authentication. Location of Radius server: radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius. The same config must be on the Radius server (and the username password). Authentication method: aaa new-model

phila

Presentation Transcript


  1. Radius based ssh authentication
     • Location of Radius server
       • radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius
       • The same config must be on the Radius server (and the username password)
     • Authentication method
       • aaa new-model
       • aaa authentication login default group radius none <= GENERAL (with none, login is allowed without authentication if the Radius server does not answer)
       • aaa authentication login SSH_LINE group radius <= FOR SSH
     • SSH configuration (only partly listed here)
       • line vty 0 4
       • privilege level 15
       • login authentication SSH_LINE <= SAME NAME
       • transport input ssh

  2. Three-way handshake

  3. Example of reflexive ACL
     [Figure: outside-generated traffic and inside-generated traffic]
     • Outgoing traffic makes a hole for incoming traffic

  4. Reflexive ACL
     • INTERNAL ACL
       • R1(config)# ip access-list extended internal_ACL
       • R1(config-ext-nacl)# permit tcp any any eq 23 reflect telnet-only-reflexive-ACL
       • R1(config-ext-nacl)# permit udp any any eq 53 reflect dns-only-reflexive-ACL timeout 10
     • EXTERNAL ACL
       • R1(config)# ip access-list extended external_ACL
       • R1(config-ext-nacl)# evaluate telnet-only-reflexive-ACL
       • R1(config-ext-nacl)# evaluate dns-only-reflexive-ACL
       • R1(config-ext-nacl)# deny ip any any
     • APPLY ACLS
       • R1(config)# interface s0/0/0
       • R1(config-if)# description connection to the ISP.
       • R1(config-if)# ip access-group internal_ACL out
       • R1(config-if)# ip access-group external_ACL in

  5. Your task
     • Create a reflexive ACL which allows web surfing (http) from left to right but not from right to left

  6. Review of the lab
     • INTERNAL ACL
       • R1(config)# ip access-list extended internal_ACL
       • R1(config-ext-nacl)# permit tcp any any eq 80 reflect www-only-reflexive-ACL
       • R1(config-ext-nacl)# deny ip any any
     • EXTERNAL ACL
       • R1(config)# ip access-list extended external_ACL
       • R1(config-ext-nacl)# evaluate www-only-reflexive-ACL
       • R1(config-ext-nacl)# deny ip any any
     • APPLY ACLS
       • R1(config)# interface fa0/0
       • R1(config-if)# description Local
       • R1(config-if)# ip access-group internal_ACL in
       • R1(config)# interface fa0/1
       • R1(config-if)# description Remote
       • R1(config-if)# ip access-group external_ACL in
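The lab solution above can be checked with a small model of how the reflect/evaluate pair behaves. This is an added example, not part of the presentation: the class and function names, the addresses and ports, and the 300-second idle timeout are assumptions, and removal of entries on TCP FIN/RST is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveFilter:
    """internal_ACL (permit tcp any any eq 80 reflect ...; deny ip any any)
    plus external_ACL (evaluate ...; deny ip any any) from the lab review."""
    def __init__(self, reflect_port=80, idle_timeout=300):
        self.reflect_port = reflect_port
        self.idle_timeout = idle_timeout   # seconds; assumed value
        self.reflected = {}                # mirrored 5-tuple -> expiry time

    def from_local(self, pkt, now):
        """Packet arriving on the Local interface (internal_ACL in)."""
        if pkt.proto == "tcp" and pkt.dport == self.reflect_port:
            # "reflect": install a temporary entry with source and destination swapped
            mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.reflected[mirror] = now + self.idle_timeout
            return True
        return False                       # deny ip any any

    def from_remote(self, pkt, now):
        """Packet arriving on the Remote interface (external_ACL in)."""
        expiry = self.reflected.get(pkt)
        if expiry is None or now > expiry:
            self.reflected.pop(pkt, None)  # drop an expired entry, if any
            return False                   # nothing to evaluate: deny ip any any
        self.reflected[pkt] = now + self.idle_timeout  # traffic refreshes the idle timer
        return True

def demo():
    fw = ReflexiveFilter()
    client, server = "10.0.0.10", "203.0.113.5"        # constructed addresses
    request = Packet("tcp", client, 40000, server, 80)
    reply = Packet("tcp", server, 80, client, 40000)
    return {
        "reply_before_request": fw.from_remote(reply, now=0),
        "request_out": fw.from_local(request, now=1),
        "reply_back": fw.from_remote(reply, now=2),
        "remote_initiated_http": fw.from_remote(Packet("tcp", server, 40000, client, 80), now=3),
        "local_telnet": fw.from_local(Packet("tcp", client, 40001, server, 23), now=4),
        "reply_after_idle_timeout": fw.from_remote(reply, now=2 + 300 + 1),
    }

if __name__ == "__main__":
    print(demo())
```

Only the reply that exactly mirrors an earlier outbound HTTP request passes the remote side; everything the remote side initiates, and every local protocol other than TCP port 80, hits the final deny.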
