Secure AAA server communication

Table 1. Internet Key Exchange product support

For configuration details, see VOSS User Guide.

| Feature | Product | Release introduced |
|---|---|---|
| Internet Key Exchange (IKE) v2 | 5520 Series | VOSS 8.2.5 |
| | VSP 4450 Series | VOSS 5.1.2 |
| | VSP 4900 Series | VOSS 8.1 |
| | VSP 7200 Series | VOSS 5.1.2 |
| | VSP 7400 Series | VOSS 8.0 |
| | VSP 8200 Series | VOSS 5.1.2 |
| | VSP 8400 Series | VOSS 5.1.2 |
| | VSP 8600 Series | VSP 8600 8.0 demonstration feature |
| | XA1400 Series | VOSS 8.0.50 |

Note: VOSS Releases 6.0 and 6.0.1 do not support this feature.

Note

DEMO FEATURE - Secure AAA server communication is a demonstration feature on some products. Demonstration features are provided for testing purposes. Demonstration features are for lab use only and are not for use in a production environment. For more information on feature support, see VOSS Feature Support Matrix.

Note

Secure AAA server communication is only supported on VSP 8600 Series. You can use RADsec for RADIUS security on VOSS devices running Release 8.2 or later.

The VSP 8600 Series supports IP Security (IPsec) for AAA server communication. IPsec provides the ability to secure RADIUS and TACACS+ servers against unwanted traffic by filtering on specific network adapters, by allowing or blocking specific protocols, and by enabling the server to selectively allow traffic from specific source IP addresses.

An AAA server program handles requests for access to computer resources and provides authentication, authorization, and accounting (AAA) services. The switch communicates with AAA servers using Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+). RADIUS or TACACS+ alone is not sufficient to protect authentication information.

The following diagram shows the communication between the AAA client and the AAA server. The IPsec module on the client encrypts the packets sent to the AAA server and decrypts the packets received from the AAA server. Similarly, the IPsec module on the server encrypts the packets sent to the client and decrypts the packets received from the client.

To implement secure AAA server communication, the VSP 8600 Series software supports the following: