CONFIGURING AAA

- AAA is configured in three steps:

Step 1: Turn on the feature that allows AAA to be configured on the router. Throughout the AAA definition process, the router must be configured so that it can always talk to the TACACS/RADIUS server.

Step 2: Define who is authenticated, how they are authorized, and what is tracked in the database.

Step 3: Enable or define the method on the interface.

- The following sections describe in detail how to turn on AAA (step 1), how to define the methods for authentication, authorization, and accounting (step 2), and how to specify AAA on an interface (step 3). To keep things concise and easier to understand, steps 2 and 3 can be combined into one.

- Note that once AAA has been enabled on the router, every interface and connection method must be defined, or access is not allowed. Therefore, the most important thing is to create a "back door", that is, a local access method, during initial deployment, to ensure that the router can always be accessed if we forget what was configured earlier.

1. Step 1 - Enabling AAA on the router:

- To enable AAA on the router, use the following command:

    Router(config)#aaa new-model

- Once AAA is enabled, the router must point to the source address of the AAA server. For a TACACS server, the commands are:

    Router(config)#tacacs-server host host-ip-address [single-connection]
    Router(config)#tacacs-server key serverkey

The host-ip-address parameter specifies the address of the TACACS server. The single-connection parameter tells the router to maintain a single connection for the whole working session between the router and the AAA server.

- A shared password is used between the access router and the AAA server to protect the information. For example, the command that sets the password on the router is:

    Router(config)#tacacs-server key cisco

The chosen password must match the password configured on the AAA server. The password is case-sensitive.

... no longer tries the next authentication method in the list name.

2.1.2.1.7. AAA Authentication ARAP

The aaa authentication arap command is used together with the arap authentication command in line configuration. It describes the method used when an ARAP user tries to access the router. The command syntax is:

    aaa authentication arap {default | list-name} method1 [method2] [method3] [method4]

The methods that can be used in this command:

- line: this method specifies that the password is used to authenticate access to the interface. It relies on the login and password commands configured on each line (console, vty, ...).
- local: this method specifies authentication using the username yyyy password xxxx pairs on the router.
- tacacs+: this method specifies that the TACACS server is used for authentication.
- guest: this method allows login if the username is guest. This option applies only to ARAP.
- auth-guest: this method allows a guest to log in only if the user has already logged in to EXEC mode on the router and is starting an ARAP session.

Note that by default guests cannot log in through ARAP once AAA is initialized. The aaa authentication arap command with the guest or auth-guest keyword is needed for guest access when AAA is in use.

Example:

    Router(config)#aaa authentication arap myaaa tacacs+ local
    Router(config)#line 1 12
    Router(config-line)#arap authentication myaaa

In the example above, the first command specifies that TACACS+ authentication is used first, and that the local username/password on the router is used only if TACACS+ returns an error or is unavailable. Lines 1 through 12 use the authentication list name just created.

2.1.1.1.1. AAA Authentication PPP

The aaa authentication ppp command is used together with the ppp authentication command in line configuration to describe the method used when a PPP user wants to access the router. The command syntax is:

    aaa authentication ppp {default | list-name} method1 [method2] [method3] [method4]

The methods that can be used in this command:

- local: this method specifies authentication using the username yyyy password xxxx pairs on the router.
- none: this method specifies that no authentication method is required at all.
- tacacs+: this method specifies that the TACACS server is used for authentication.
- radius: this method specifies that the RADIUS server is used for authentication.
- krb5: this method uses Kerberos. It applies only to PPP operation and to communication with a Kerberos server that has already been set up. Login authentication using Kerberos works only with PPP PAP.
- if-needed: this method skips authentication if the user has already been authenticated on the tty line.

Example:

    Router(config)#aaa authentication ppp myaaa tacacs+ local
    Router(config)#line 1 12
    Router(config-line)#ppp authentication myaaa

The same syntax form is used across many AAA commands. Once the ppp command is set up, the command on the interface is ppp authentication option(s), where option(s) is one of pap, chap, pap chap, chap pap, ms-chap. In addition, the AAA methods can be used. In the example above, TACACS+ is checked first, and the local username/password on the device is then used if TACACS+ is unavailable or returns an error.

2.1.1.1.2. AAA Authentication NASI

The aaa authentication nasi command is used together with the nasi authentication command in line configuration to describe the method used when a NASI user wants to access the router. The command syntax is:

    aaa authentication nasi {default | list-name} method1 [method2] [method3] [method4]

The methods that can be used in this command:

- local: this method specifies authentication using the username yyyy password xxxx pairs on the router.
- enable: this method specifies that the enable password command is used to authenticate on the interface. Authentication is performed by comparing the password; the user is asked to authenticate against TACACS+ first, and the local username/password is then used if TACACS+ fails or is unavailable.

2.1.1.2. Authorization

Once a user has been authenticated, we need to limit the rights they are allowed to use. This is done with the aaa authorization command. Restrictions can be applied to the activities or services requested of the router. With authorization, AAA sets up a subadministrator who is allowed into configuration mode but can use only a small set of permitted commands. Configuring the router is still possible, but it is restricted.

The authorization syntax is fairly simple: it specifies the activity or service (network, exec, command level, config-command, reverse-access) that the user may use. The general form of the authorization command is:

    aaa authorization service-type {default | list-name} method1 [method2] [method3] [method4]

The command reads as follows:

    aaa authorization do-what? check-how?

The do-what? clause can be:

- network: this parameter uses the check-how? method to authorize and set up network-related service requests such as SLIP and PPP.
- exec: this parameter uses the check-how? method to authorize whether the user is allowed to create or run an EXEC shell. If TACACS+ or RADIUS is used, the database may return information with an automatic command for the user being checked.

The check-how? method can be:

- if-authenticated: with this parameter, a user who has already been authenticated is allowed to use the function. Note that no authorization check is made here; it is enough that the user exists in the database.
- none: with this parameter, the router does not ask for authorization information for do-what?. Authorization is not performed and a query is sent to the database.
- local: with this parameter, the router or access server checks the username/password pairs configured in configuration mode and stored locally on the router.
- radius: with this parameter, RADIUS authorization is performed by attaching attributes to the username on the RADIUS server. Each username is stored together with its attributes in the RADIUS database.
- krb5-instance: with this parameter, the router queries the Kerberos server to request authorization. The authorizations are stored on the Kerberos server.

In general, authorization can be implemented in many ways. The question is to find which database or resource holds the AV pair or attribute that provides the router with the answer
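The "back door" advice and the method-list syntax above, turned into a configuration check. This is an added Python example, not part of the original document: it audits a configuration written in the page's command forms for method lists that rely only on a server, that contain none, or that a line references without defining. The sample configuration, the list names dialin and pppusers, and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Methods that need a reachable external server (method names as used on this page).
SERVER_METHODS = {"tacacs+", "radius", "krb5", "krb5-instance"}
DEFINE = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$")
APPLY = re.compile(r"^(arap|ppp|nasi) authentication (\S+)$")

# Constructed sample: list names and the 192.0.2.10 address are illustrative only.
SAMPLE = """\
aaa new-model
tacacs-server host 192.0.2.10 single-connection
aaa authentication arap myaaa tacacs+ local
aaa authentication ppp dialin tacacs+
aaa authorization exec default tacacs+ none
line 1 12
 arap authentication myaaa
 ppp authentication pppusers
"""

def audit(config):
    """Return a list of findings about the AAA method lists in `config`."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    defined, findings = set(), []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing: AAA is not enabled")
    for ln in lines:
        m = DEFINE.match(ln)
        if not m:
            continue
        kind, service, name, methods = m[1], m[2], m[3], m[4].split()
        defined.add((kind, service, name))
        label = f"{kind} {service} list '{name}'"
        # Every method needs the server: nothing is left if it is unreachable.
        if set(methods) <= SERVER_METHODS:
            findings.append(f"{label}: server-only, no local back door")
        if "none" in methods:
            findings.append(f"{label}: 'none' grants the request unchecked")
    for ln in lines:
        m = APPLY.match(ln)
        # A line that names a list which was never defined cannot authenticate anyone.
        if m and ("authentication", m[1], m[2]) not in defined:
            findings.append(f"{m[1]} authentication references undefined list '{m[2]}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```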