SmartWare Software Configuration Guide

8 • RADIUS Client Configuration

 

 

3.Query the local database (see “Configuring the local database accounts” on page 111 for information on how to configure the local database)

If, e.g. radius_deepblue is not available, radius_extern will be queried after a timeout. But if radius_deepblue gives an answer that rejects the login request, the remaining methods are not used and the login is denied. The same applies to the console service, which uses the profile console-login. This profile uses the following sequence of methods:

1.Ask radius server radius_deepblue.

2.Ask predefined method none. This method always grants access as system operator.

If radius_deepblue is not available, access will be granted by the method none. If radius_deepblue rejects the login request, console access is denied. If radius_deepblue confirms the request, console access is granted.

Do the following to configure the AAA component.

Mode: Configure

Step

Command

Purpose

 

 

 

1

node(cfg)#profile authentication name

Creates an authentication profile with name

 

 

name and enters profile authentication configura-

 

 

tion mode.

 

 

 

2

node(pf-auth)[name]#method [index]

Adds an AAA method to the profile. For RADIUS

 

{local none {radius name}}

you have to specify a name. For information on

 

 

how to configure local accounts and RADIUS

 

 

servers, refer to chapter 9, “IP context overview”

 

 

on page 114. With index you can add a method

 

 

between to others.

 

 

 

3

 

Repeat step 2 for all AAA methods you want to

 

 

add

 

 

 

4

node(pf-auth)[name]#server-timeout

Sets the timeout after that the next AAA method

 

seconds

in the list is requested if no answer is received.

 

 

 

5

node(pf-auth)[name]#exit

Goes back to the parent configuration mode

 

 

 

6

node(cfg)#terminal Telnet use

Specifies which AAA profile the Telnet login service

 

authentication profile-name

has to use.

 

 

 

7

node(cfg)#terminal console use

Specifies which AAA profile the console login

 

authentication profile-name

service has to use.

 

 

 

8

node(cfg)#show profile authentication

Displays the configured profiles

 

[name]

 

 

 

 

Example: Create the AAA profiles for login over Telnet and login over console, as they are shown in figure 15, and use them on the Telnet login and console login services.

node>enable

node#configure

node(cfg)#profile authentication remote-radius node(pf-auth)[remote-~]#method radius radius_deepblue node(pf-auth)[remote-~]#method radius radius_extern node(pf-auth)[remote-~]#method local node(pf-auth)[remote-~]#server-timeout 15

The AAA component

105

Page 105
Image 105
Patton electronic SmartNode 4110 Series manual Nodecfg#profile authentication name, Nodepf-authname#method index