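Lab 4: Configuring AAA Services on the PIX Firewall
Objective
Through this lab, learn to configure AAA services on the PIX firewall and become familiar with configuring authentication, authorization, and accounting on the AAA server.
Tasks
Configure the AAA server
Configure AAA services on the PIX firewall
View the AAA configuration and verify that it is correct
Equipment
One PIX firewall, two Cisco 2950 switches, one console cable, several network cables, several PCs, and one AAA server software package
Lab Topology and Procedure
The configuration on firewall FW2 is: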
FW2(config)# int e2
FW2(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
FW2(config-if)# security-level 100
FW2(config-if)# ip add
FW2(config-if)# no shut
FW2(config-if)# int e1
FW2(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
FW2(config-if)# security-level 0
FW2(config-if)# ip add
FW2(config-if)# no shut
FW2(config-if)# int e0
FW2(config-if)# nameif dmz
INFO: Security level for "dmz" set to 0 by default.
FW2(config-if)# security-level 50
FW2(config-if)# ip address
FW2(config-if)# no shut
FW2(config)# access-list 101 extended permit tcp any any eq
FW2(config)# access-group 101 in interface outside
FW2(config)# access-group 101 in interface dmz
FW2(config)# aaa-ser
FW2(config)# aaa-server
FW2(config)# aaa-server abc protocol radius
FW2(config-aaa-server-group)# aaa-s
FW2(config-aaa-server-group)# aaa-server abc (dmz) host
FW2(config-aaa-server-host)# key abc
FW2(config-aaa-server-host)# aaa auth
FW2(config-aaa-server-host)# aaa authenti
FW2(config-aaa-server-host)# aaa authentication match 101
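
For the task of viewing the AAA configuration and verifying it, the following Python script is an added example, not part of the original lab handout: it checks that the aaa authentication match rule, the access list, the server group and the host key are consistent with each other. The sample configuration is constructed; the port, the server address, the interface in the match rule and the 16-character minimum key length are assumptions.

```python
import re

MIN_KEY_LEN = 16  # assumed local policy for RADIUS shared secrets, not from the page

# Constructed sample: the lab's FW2 commands with the values the page truncates
# filled by placeholders (port "www", documentation address 192.0.2.10, "outside").
SAMPLE_CONFIG = """\
access-list 101 extended permit tcp any any eq www
access-group 101 in interface outside
aaa-server abc protocol radius
aaa-server abc (dmz) host 192.0.2.10
 key abc
aaa authentication match 101 outside abc
"""

def audit_aaa(config, min_key_len=MIN_KEY_LEN):
    """Return findings for the AAA section of a PIX-style configuration."""
    acls, groups, hosts, rules = set(), set(), {}, []
    current = None  # (group, host) whose sub-mode commands are being read
    for raw in config.splitlines():
        # Accept pasted session lines too by dropping a "FW2(config...)# " prompt.
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())
        if m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"aaa-server (\S+) protocol \S+", line):
            groups.add(m.group(1))
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line):
            current = m.groups()
            hosts[current] = None
        elif (m := re.match(r"key (\S+)", line)) and current:
            hosts[current] = m.group(1)
        elif m := re.match(r"aaa authentication match (\S+) (\S+) (\S+)", line):
            rules.append(m.groups())
    findings = []
    if not rules:
        findings.append("no complete 'aaa authentication match' rule")
    for acl, ifname, group in rules:
        if acl not in acls:
            findings.append(f"rule on {ifname}: access-list {acl} is not defined")
        if group not in groups:
            findings.append(f"rule on {ifname}: server group {group} is not declared")
        elif not any(g == group for g, _ in hosts):
            findings.append(f"rule on {ifname}: server group {group} has no host")
    for (group, host), key in hosts.items():
        if key is None:
            findings.append(f"aaa-server {group} host {host}: no shared key")
        elif len(key) < min_key_len:
            findings.append(f"aaa-server {group} host {host}: shared key shorter "
                            f"than {min_key_len} characters")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE_CONFIG)) or "no findings")
```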