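% Declare Document Class
\documentclass[a4paper,12pt,twoside,twocolumn,landscape]{book}
% Preamble configuration files are pulled in with \input rather than \include:
% \include forces a \clearpage and cannot be nested, which is wrong for
% configuration fragments (structure/acronyms are not chapters).
\input{structure} % Load structure cfg for document
\input{acronyms}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% BEGIN DOCUMENT
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{document}
\include{frontpage}
\tableofcontents

% Only applied after generation of TOC
\setlength{\parskip}{0.35em}            % Define length between paragraphs
\renewcommand{\baselinestretch}{1.15}   % Define line height (setspace would be the modern way; kept to avoid touching structure.tex)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% BEGIN chapters
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
\include{chapter/baseconf}
%
\chapter{Layer 2}
\input{chapter/section/switchednetwork}
\newpage
\input{chapter/section/spanningtree}
%
\chapter{L2 to L3}
\input{chapter/section/intervlanrouting}
%
\chapter{DHCP}
\input{chapter/section/dhcp}
%
\chapter{FHRP}
\section{VRRP}
\section{GLBP}
\section{HSRP}
%
\chapter{Triple A\tsq{s}}
\myquote{}{Remember to log the details, too.}
\xkcd{latitude}{Remember logging when necessary}
\newpage

\begin{itemize}
  \item \textbf{Authentication:}
    \begin{enumerate}
      \item Identify the user,
      \item Validate the user,
      \item Allow/Disallow the user based upon the presented credentials.
    \end{enumerate}
  \item \textbf{Authorization:}
    \begin{enumerate}
      \item Have defined levels of allowed operations/tasks divided into groups,
      \item Validate user-to-group relations,
      \item Allow/Disallow user actions.
      \item On network gear the allowed/disallowed actions can be stored either on the
            central \acrshort{aaa} server or locally\footnote{May not apply to all network gear.}
            on the network node.
    \end{enumerate}
  \item \textbf{Accounting:}
    \begin{enumerate}
      \item Network nodes collect user and session information from start to end of a
            connection to the node,
      \item All information is transferred back to the \acrshort{aaa} server,
      \item The transferred information can be leveraged for several purposes
            (e.g.\ auditing, billing and reconstructing who changed what during an incident).
            Typically logged information is:
        \begin{itemize}
          \item session duration,
          \item user commands,
          \item disallowed commands.
        \end{itemize}
    \end{enumerate}
\end{itemize}

\bigskip
\textbf{Obvious} benefits of using \acrshort{aaa} are scalability, increased flexibility and
granularity of assigned rights, standardisation, and failover by configuring multiple
triple~a\tsq{s} servers\footnote{Cisco IOS tries the servers of a group, and then the methods
of a method list, in the order in which they are configured. It moves on to the next one only
when the current one does not answer; an explicit reject ends the attempt, so a trailing
\texttt{local} method does \emph{not} bypass a denial from the \acrshort{aaa} server.}.

\newpage
\begin{table}[!ht]
  \centering
  \caption{TACACS+ vs.\ RADIUS}
  \label{radiusversustacacsplus}
  \resizebox{\columnwidth}{!}{%
  % Three columns are used; the column spec used to declare five.
  \begin{tabular}{|l|l|l|}
    \hline
    \multicolumn{1}{|c|}{\textbf{Feature}} &
    \multicolumn{1}{c|}{\textbf{RADIUS}} &
    \multicolumn{1}{c|}{\textbf{TACACS+}} \\ \hline
    Developer &
      \begin{tabular}[c]{@{}l@{}}Livingston Enterprises\\ (now an open IETF standard,\\ RFC~2865/2866)\end{tabular} &
      \begin{tabular}[c]{@{}l@{}}Cisco\\ (proprietary; documented\\ in informational RFC~8907)\end{tabular} \\ \hline
    Transport protocol &
      \begin{tabular}[c]{@{}l@{}}UDP 1812 (auth) and 1813 (acct);\\ legacy 1645/1646 still seen\end{tabular} &
      TCP port 49 \\ \hline
    \acrshort{aaa} support &
      \begin{tabular}[c]{@{}l@{}}Combines authentication\\ and authorization, with\\ separate accounting\end{tabular} &
      \begin{tabular}[c]{@{}l@{}}Uses the \acrshort{aaa}\\ model and sep-\\ arates all three\\ services\end{tabular} \\ \hline
    Challenge response &
      \begin{tabular}[c]{@{}l@{}}One-way, unidirectional\\ (single challenge response)\end{tabular} &
      \begin{tabular}[c]{@{}l@{}}Two-way, bidirec-\\ tional (multiple\\ challenge responses)\end{tabular} \\ \hline
    Security &
      \begin{tabular}[c]{@{}l@{}}Hides only the User-Password\\ attribute (MD5-based); every\\ other attribute is in clear\end{tabular} &
      \begin{tabular}[c]{@{}l@{}}Obfuscates the entire\\ packet body (MD5 key-\\ stream, not real encryption)\end{tabular} \\ \hline
  \end{tabular}%
  }
\end{table}

Neither protocol provides modern transport security on its own: RADIUS protects only the
password attribute with an MD5-based scheme, and the TACACS+ body \enquote{encryption} is an
MD5 keystream that RFC~8907 itself describes as obfuscation rather than encryption. Treat
both as management-plane protocols: keep them on a dedicated management network or tunnel
them (RADIUS over TLS, \emph{RadSec}, RFC~6614; IPsec for TACACS+), use a long random shared
secret per device instead of a shared one, and remember that \texttt{service
password-encryption} only reversibly masks (type~7) the secret in the running configuration.

\newpage
\section{RADIUS}
\fig{radius/radiuscommunication}{radiuscommunication}{RADIUS handshake and communication}
\begin{txt}
! aaa new-model must be enabled before aaa group/method-list commands are accepted
aaa new-model
!
! Shared secret shown in clear as an example only; it is also what protects the
! User-Password attribute on the wire, so make it long, random and per-device.
radius server DK-RADIUS-SERVER
 address ipv4 radiusserver.example.com auth-port 1812 acct-port 1813
 key unkn0wn!unic@st.|.
!
! The protocol keyword (radius) is mandatory; RADIUS is the group name.
aaa group server radius RADIUS
 server name DK-RADIUS-SERVER
!
! local is consulted only if no RADIUS server answers, never after a reject
aaa authentication login radius_list group RADIUS local
!
! vty ranges are "first last", not "first-last"
line vty 0 4
 login authentication radius_list
line vty 5 15
 login authentication radius_list
! consider: transport input ssh (do not carry AAA credentials over telnet)
\end{txt}

\newpage
\section{TACACS+}
\fig{tacacsplus/tacacspluscommunication}{tacacspluscommunication}{TACACS+ handshake and communication}
\begin{txt}
! server-private requires the key keyword before the secret.
! The address matches the legacy tacacs-server host below so that the named
! group (TACACS) and the implicit group (tacacs+) point at the same server;
! the original example used 1.1.1.1, a real public address - use your own
! addresses or an RFC 5737 documentation range in examples.
aaa group server tacacs+ TACACS
 server-private 10.21.0.45 key unkn0wn!unicAst
 ip tacacs source-interface Loopback0
!
aaa authentication attempts login 1
aaa authentication login default group TACACS local-case
aaa authentication login console local-case
aaa authentication enable default group TACACS enable
aaa authorization exec default group TACACS local
aaa authorization commands 0 default group TACACS local
aaa authorization commands 15 default group TACACS local
! NOTE: authorization is configured for privilege levels 0 and 15, accounting
! for 1, 2 and 15 - align the two sets so every authorized level is also logged.
aaa accounting exec default action-type start-stop group tacacs+
!
aaa accounting commands 1 default action-type start-stop group tacacs+
!
aaa accounting commands 2 default action-type start-stop group tacacs+
!
aaa accounting commands 15 default action-type start-stop group tacacs+
!
aaa session-id common
!
! Apply the console method list; without this line the "console" list above is
! defined but unused and the console falls back to the default list.
line con 0
 login authentication console
!
! Legacy global form; kept because the accounting lines reference the implicit
! tacacs+ group, which is built from these global servers.
tacacs-server host 10.21.0.45
tacacs-server key unkn0wn!unicAst
\end{txt}
%
\chapter{Network Time Protocol}
\section{The old NTP from \tsq{85}}
\section{Secure NTP}
%
\chapter{Management}
\section{Network management}
\subsection{Routers}
\subsection{Switches}
\subsection{Firewall}
\section{Out-of-band management}
\subsection{Console server}
%
\chapter{Protocols Layer 3}
\input{chapter/section/routednetwork}
%
\chapter{The Internet {\footnotesize ``Post cold-war modern times''}}
\section{Service Providers}
\section{IXP}
\section{MPLS}
\section{BGP}
\section{EVPN}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% BEGIN list of acronyms
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\clearpage
\printglossary[type=\acronymtype,title=Special Terms,toctitle=List of terms]

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% BEGIN list of figures
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\renewcommand{\listfigurename}{List of {\footnotesize hidden} Figures}
\listoffigures

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% BEGIN list of tables
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\renewcommand{\listtablename}{Tables {\footnotesize hiding} on the pages}
\listoftables

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% BEGIN references
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\bibliography{references}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%
% END DOCUMENT
%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}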