3Com 10014299 Network Router User Manual


 
534 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
Assigning an IP Address for a PPP User
Configuring a Local User Database
Configure RADIUS Server
Enabling and Disabling
AAA
Please perform the following configurations in the system view.
Table 599 Enable/Disable AAA
By default, AAA is disabled.
Configuring the
Authentication Method
List for Login Users
An authentication method list defines the authentication methods, including the
authentication types, which can be executed, and their execution sequence. This
list is used in sequence to authenticate users.
Login users are divided into FTP users and EXEC users. EXEC means logging on the
router through Telnet or other methods, such as the console port, asynchronous
serial port, telnet, X.25 PAD calling, for router configuration. The two types of
users have to be authorized in a local user database with the command
local-user service-type. If a RADIUS server is used for authentication, the
authorization details for the corresponding user (defining user name and
password) should be set on the RADIUS server, before it is started.
Perform the following configuration in system view.
Table 600 Configure AAA Login Authentication
By default, the login method list is aaa authentication-scheme login default
local
.
If the user does not define the methods-list, the execution sequence of default
method list will be used.
Method here refers to the authentication method. The Authentication method
includes the following:
radius --- authentication with the RADIUS server
local --- local authentication
none --- access authority to all users without authentication
While configuring the authentication method list, at least one authentication
method should be designated. If multiple authentication methods are designated,
then at the time of login authentication, if there is no response to the preceding
Operation Command
Enable AAA aaa-enable
Disable AAA undo aaa-enable
Operation Command
Configure login authentication method list
of AAA
aaa authentication-scheme login {
default | methods-list } [ template
server-template-name ] [ method1 ] [
method2 ]…
Delete login authentication method list of
AAA
undo aaa authentication-scheme login
{ default | methods-list }