534CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL

Assigning an IP Address for a PPP User

Configuring a Local User Database

Configure RADIUS Server

Enabling and Disabling Please perform the following configurations in the system view.

AAATable 599 Enable/Disable AAA

Operation

Command

 

 

Enable AAA

aaa-enable

 

 

Disable AAA

undo aaa-enable

 

 

By default, AAA is disabled.

Configuring the An authentication method list defines the authentication methods, including the Authentication Method authentication types, which can be executed, and their execution sequence. This

List for Login Users list is used in sequence to authenticate users.

Login users are divided into FTP users and EXEC users. EXEC means logging on the router through Telnet or other methods, such as the console port, asynchronous serial port, telnet, X.25 PAD calling, for router configuration. The two types of users have to be authorized in a local user database with the command local-userservice-type. If a RADIUS server is used for authentication, the authorization details for the corresponding user (defining user name and password) should be set on the RADIUS server, before it is started.

Perform the following configuration in system view.

Table 600 Configure AAA Login Authentication

Operation

Command

 

 

Configure login authentication method list

aaa authentication-scheme login {

of AAA

default methods-list} [ template

 

server-template-name ] [ method1 ] [

 

method2 ]…

 

 

Delete login authentication method list of

undo aaa authentication-scheme login

AAA

{ default methods-list}

 

 

By default, the login method list is aaa authentication-scheme login default local.

If the user does not define the methods-list, the execution sequence of default method list will be used.

Method here refers to the authentication method. The Authentication method includes the following:

radius --- authentication with the RADIUS server

local --- local authentication

none --- access authority to all users without authentication

While configuring the authentication method list, at least one authentication method should be designated. If multiple authentication methods are designated, then at the time of login authentication, if there is no response to the preceding

Page 538
Image 538
3Com 10014299 manual By default, AAA is disabled, AAA Enable/Disable AAA, Configure AAA Login Authentication, Method2 …