Presentation is loading. Please wait.

Presentation is loading. Please wait.

Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config.

Similar presentations


Presentation on theme: "Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config."— Presentation transcript:

1 Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config must be on the Radius server (and the username password) Authentication method – aaa new-model – aaa authentication login default group radius none<= GENERAL – aaa authentication login SSH_LINE group radius<= FOR SSH SSH configuration (only part listed here) – line vty 0 4 – privilege level 15 – login authentication SSH_LINE<= SAME NAME – transport input ssh

2 Three-way handshake

3 Example of reflective ACL Outgoing traffic makes a hole to incomming traffic Outside generated traffic Inside generated traffic

4 Reflective acl INTERNAL ACL R1(config)# ip access-list extended internal_ACL R1(config-ext-nacl)# permit tcp any any eq 23 reflect telnet-only-reflexive-ACL R1(config-ext-nacl)# permit udp any any eq 53 reflect dns-only-reflexive-ACL timeout 10 EXTERNAL ACL R1(config)# ip access-list extended external_ACL R1(config-ext-nacl)# evaluate telnet-only-reflexive-ACL R1(config-ext-nacl)# evaluate dns-only-reflexive-ACL R1(config-ext-nacl)# deny ip any any APPLY ACLS R1(config)# interface s0/0/0 R1(config-if)# description connection to the ISP. R1(config-if)# ip access-group internal_ACL out R1(config-if)# ip access-group external_ACL in

5 Your task Create a refelctive acl which allows web surfing (http) from left to rigth but not from right to left OK

6 Review of the lab INTERNAL ACL R1(config)# ip access-list extended internal_ACL R1(config-ext-nacl)# permit tcp any any eq 80 reflect www-only-reflexive-ACL R1(config-ext-nacl)# deny ip any any EXTERNAL ACL R1(config)# ip access-list extended external_ACL R1(config-ext-nacl)# evaluate www-only-reflexive-ACL R1(config-ext-nacl)# deny ip any any APPLY ACLS R1(config)# interface fa0/0 R1(config-if)# description Local R1(config-if)# ip access-group internal_ACL in R1(config)# interface fa0/1 R1(config-if)# description Remote R1(config-if)# ip access-group external_ACL in


Download ppt "Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config."

Similar presentations


Ads by Google