Security Configuration Commands
Contents

Chapter 1 AAA Configuration Commands
  1.1 AAA Security Configuration Commands (Authorization + Authentication)
    1.1.1 aaa authentication enable default
    1.1.2 aaa authentication login
    1.1.3 aaa authentication password-prompt
    1.1.4 aaa authentication ppp
    1.1.5 aaa authentication username-prompt
    1.1.6 aaa default-username
    1.1.7 aaa directed-request
    1.1.8 aaa group server
    1.1.9 debug aaa authentication
    1.1.10 enable password
    1.1.11 ppp authentication
    1.1.12 ppp chap hostname
    1.1.13 ppp chap password
    1.1.14 ppp chap refuse
    1.1.15 ppp pap sent-username
    1.1.16 server
    1.1.17 show users
    1.1.18 service password-encryption
    1.1.19 username
    1.1.20 aaa authorization

Chapter 2 RADIUS Configuration Commands
  2.1 RADIUS Configuration Commands
    2.1.1 debug radius
    2.1.2 ip radius source-interface
    2.1.3 radius challenge-noecho
    2.1.4 radius dead-time
    2.1.5 radius server
    2.1.6 radius optional-passwords
    2.1.7 radius key
    2.1.8 radius retransmit
    2.1.9 radius timeout
    2.1.10 radius vsa send

Chapter 3 TACACS+ Configuration Commands
  3.1 TACACS+ Configuration Commands
    3.1.1 debug tacacs
    3.1.2 ip tacacs source-interface
    3.1.3 tacacs server
    3.1.4 tacacs key
    3.1.5 tacacs timeout

Chapter 4 IPSec Configuration Commands
  4.1 IPSec Configuration Commands
    4.1.1 clear crypto sa
    4.1.2 crypto dynamic-map
    4.1.3 crypto ipsec secure
    4.1.4 crypto ipsec transform-set
    4.1.5 crypto map (global configuration)
    4.1.6 crypto map (interface configuration)
    4.1.7 crypto map local-address
    4.1.8 debug crypto packet
    4.1.9 match address
    4.1.10 mode
    4.1.11 set peer
    4.1.12 set pfs
    4.1.13 set security-association lifetime
    4.1.14 set security-association {inbound|outbound}
    4.1.15 set transform-set
    4.1.16 show crypto ipsec sa
    4.1.17 show crypto ipsec transform-set
    4.1.18 show crypto map
    4.1.19 transform-type

Chapter 5 Internet Key Exchange Security Protocol Commands
  5.1 IKE Configuration Commands
    5.1.1 authentication (IKE policy)
    5.1.2 clear crypto isakmp
    5.1.3 crypto isakmp key
    5.1.4 crypto isakmp policy
    5.1.5 debug crypto isakmp
    5.1.6 encryption (IKE policy)
    5.1.7 group (IKE policy)
    5.1.8 hash (IKE policy)
    5.1.9 lifetime (IKE policy)
    5.1.10 show crypto isakmp policy
    5.1.11 show crypto isakmp sa

Chapter 6 Web Authentication Commands
  6.1 Web Authentication Commands
    6.1.1 web-auth enable
    6.1.2 web-auth accounting
    6.1.3 web-auth authentication
    6.1.4 web-auth keep-alive
    6.1.5 web-auth holdtime
    6.1.6 web-auth authtime
    6.1.7 web-auth portal-server
    6.1.8 web-auth kick-out
    6.1.9 show web-auth
    6.1.10 show web-auth interface
    6.1.11 show web-auth user
    6.1.12 debug web-auth event
    6.1.13 debug web-auth error
    6.1.14 debug web-auth verbose
    6.1.15 debug web-auth http event
    6.1.16 debug web-auth http request
    6.1.17 debug web-auth http
    6.1.18 debug web-auth
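
07 - Security Configuration Commands

Chapter 1 AAA Configuration Commands

1.1 AAA Security Configuration Commands (Authorization + Authentication)

This chapter describes the commands used to configure AAA authentication methods. Authentication verifies users' access rights before they are allowed to access the network and network services.

For information on how to configure authentication using AAA methods, see "Configuring Authentication". For configuration examples that use the commands in this chapter, see the examples section at the end of the "Configuring Authentication" document.

1.1.1 aaa authentication enable default

To enable AAA authentication that determines whether a user can access privileged-level commands, use the local configuration command aaa authentication enable default. Use the no form of this command to disable this authentication method.

    aaa authentication enable default method1 [method2...]
    no aaa authentication enable default method1 [method2...]

Parameters

    Parameter    Description
    method       At least one of the keywords given in Table 1

Default

If default is not set, the enable password is used for authentication, which has the same effect as the following command:

    aaa authentication enable default enable

If an enable password exists in the configuration table, that password is used. If no password is set, the process always returns a result indicating that authentication succeeded.

Command Mode

Global configuration mode

Usage Guidelines

Use the aaa authentication enable default command to create a series of authentication methods that determine whether a user can use privileged-level commands. The method keywords are described in Table 1. The other authentication methods are used only when the preceding authentication method returns an error; if the preceding authentication method returns a result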
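
The default described under 1.1.1 means a device with no default method list and no enable password grants privileged access without any check. The following configuration audit is an added example, not part of the manual or the vendor's tooling; it assumes a password is set by a line beginning with `enable password` followed by a value, and it only evaluates the `enable` method because Table 1 is not reproduced here.

```python
import re

AAA_ENABLE = re.compile(r"(no\s+)?aaa\s+authentication\s+enable\s+default\b(.*)$")

def audit_enable_auth(config_text):
    """Evaluate privileged-level authentication using the defaults the manual states."""
    methods = []                 # empty = no default method list configured
    has_enable_password = False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AAA_ENABLE.match(line)
        if m:
            # The "no" form removes the list, so the documented default applies again.
            methods = [] if m.group(1) else m.group(2).split()
        elif line.startswith("enable password "):    # assumed syntax: a value follows
            has_enable_password = True
        elif line.startswith("no enable password"):
            has_enable_password = False
    source = "explicit" if methods else "default"
    # Manual: an unset default behaves like "aaa authentication enable default enable".
    effective = methods or ["enable"]
    # Manual: with the enable method and no enable password, authentication always succeeds.
    always_succeeds = effective == ["enable"] and not has_enable_password
    return {"source": source, "methods": effective, "always_succeeds": always_succeeds}

# Constructed sample configurations (not taken from the manual).
SAMPLES = {
    "nothing configured": "service password-encryption\n",
    "enable password only": "enable password CONSTRUCTED-SECRET\n",
    "explicit list, no password": "aaa authentication enable default enable\n",
    "list removed by no form": (
        "enable password CONSTRUCTED-SECRET\n"
        "aaa authentication enable default enable\n"
        "no aaa authentication enable default enable\n"
    ),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        r = audit_enable_auth(text)
        verdict = "OPEN: privileged access is not authenticated" if r["always_succeeds"] else "ok"
        print(f"{name:28} {r['source']:8} {' '.join(r['methods']):8} {verdict}")
```
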