Filter
Top Products
536 CHAPTER 38: CONFIGURING AAA AND RADIUS PROTOCOL
■ aaa authentication-scheme ppp default radius local
Different PPP authentication method lists can be configured for different
interfaces.
Configuring the
Local-First
Authentication of AAA
When local-first authentication is configured, the user is authenticated locally first.
If local authentication fails, then the authentication method configured in the
method list is used instead. Once local-first authentication is configured, it is
applied to all users using PPP and login.
Perform the following configurations in system view.
Table 602 Configure AAA Local-First Authentication
By default local-first authentication is disabled.
Configuring the AAA
Accounting Option
In case there is no available RADIUS accounting server or if communication with
the RADIUS accounting server fails, and if only
aaa accounting-scheme
optional
command is configured then the user is be disconnected and can still
use the network resources.
Perform the following configurations in system view.
Table 603 Configure AAA Accounting Option
By default, the accounting option is disabled and users are charged. When the
method list designated by the user is none, accounting is unnecessary.
Configuring a Local IP
Address Pool
A local address pool is mainly used to assign an IP address for users who log in
remote PPP. If the end IP address of the pool is not specified when the IP address
pool is defined, there will be only one IP address in the address pool.
Perform the following configurations in system view.
Table 604 Configure Local IP Address Pool
By default no address pool is defined by the system.
Operation Command
Enable local-first authentication aaa authentication-scheme
local-first
Disable local-first authentication undo aaa authentication-scheme
local-first
Operation Command
Turn on accounting option switch aaa accounting-scheme-scheme
optional
Turn off accounting option switch undo aaa accounting-scheme-scheme
optional
Operation Command
Configure local IP address pool ip pool pool-number low-ip-address [
high-ip-address ]
Cancel local IP address pool undo ip pool pool-number