253
configuring ISP domain accounting method, 41
configuring ISP domain attribute, 37
configuring ISP domain authentication method, 38
configuring ISP domain authorization method, 39
configuring local user, 16
configuring local user attributes, 17
configuring method for ISP domain, 36
configuring NAS ID-VLAN binding, 42
configuring schemes, 16
configuring user group attributes, 19
creating ISP domain, 36
differences between HWTACACS and RADIUS, 7
displaying, 44
displaying local user, 20
displaying local user group, 20
domain-based user management, 9
for RADIUS server 802.1X user, 50
HWTACACS.
See
HWTACACS
maintaining, 44
maintaining local user, 20
maintaining local user group, 20
protocols, 11
RADIUS.
See
RADIUS
standards, 11
tearing down user connection, 42
troubleshooting, 61
access device
as authentication initiator (802.1X), 66
account
user account policies (MAC), 96
accounting
configuring ISP domain method (AAA), 41
accounting-on (RADIUS), 28
ACL
assignment (802.1X), 74
assignment (MAC authentication), 97
configuring with assignment (802.1X), 89
algorithm
negotiation (SSH2.0), 169
application
PKI, 149
URPF network application, 247
architecture
802.1X, 63
PKI, 148
ARP attack protection
configuration, 223
configuring active acknowledgement, 229
configuring against IP packet attack, 224
configuring automatic scanning, 237
configuring detection, 229, 232, 234
configuring fixed ARP, 237
configuring packet rate limit, 226
configuring packet source MAC address
consistency check, 229
configuring restricted forwarding, 232, 235
configuring source MAC address-based detection,
227, 228
configuring source suppression, 224
configuring specified object detection, 231
defense against IP packet attack, 225
displaying ARP detection, 232
displaying defense against IP packet attack, 225
displaying source MAC address-based ARP attack
detection, 227
enabling 802.1X security entry detection, 230
enabling black hole routing, 225
enabling DHCP snooping entry detection, 230
enabling OUI MAC address detection, 230
enabling static IP source guard binding entry
detection, 230