Foundation Summary

The "Foundation Summary" section of each chapter lists the most important facts from the chapter.

Although this section does not list every fact from the chapter that will be on your SNRS exam, a well-prepared candidate should at a minimum know all the details in each "Foundation Summary"

before going to take the exam.

The following are the steps required to configure TACACS+ or RADIUS server on a router:

Step 1. Enable AAA. Use the aaa new-model global configuration command to enable AAA.

Step 2. Identify the server. Use the radius-server host or tacacs-server host command to specify the IP address. Use the radius-server key or tacacs- server key command to specify an encryption key that will be used to encrypt all exchanges between the router and authentication servers.

Step 3. Configure AAA services. Use the aaa authentication global configuration command to define method lists that use RADIUS for authentication.

Step 4. Apply the method lists to the interfaces. Use line and interface commands to apply the defined method lists to various interfaces.

Multiple RADIUS hosts may be specified on the router or NAS. This increases the availability of the RADIUS during periods of high load and server failure.

To balance the load between various servers and specify the initial server for the router or access server, use the radius-server retry method reorder command.

If needed, you can configure authorization using the aaa authorization command for NAS. Similarly, you can configure accounting using the aaa accounting command to enable accounting for RADIUS connections.

The following troubleshooting commands enable you to test and verify RADIUS and TACACS+ server configurations:

debug

radius

debug

radius brief

debug

radius hex

debug

aaa authentication

debug

tacacs

debug

4 PREV

0 0

Post a comment