Basic Aaa Principles; Method List - D-Link xStack DGS-3610 Series Configuration Manual

Chapter 37 Configuration of 802.1X
password authentication and more. The difference lies in the degree of their network
protection, and the AAA provides the security protection of a higher level.
The AAA has the following advantages:
Powerful flexibility and controllability

Expandability

Standardized authentication

Multiple backup systems

37.4.1

Basic AAA Principles

The AAA can configure dynamically authentication, authorization and accounting for a single
user (line) or server. It defines the authentication, authorization and accounting by means of
creating method lists and then applies them on specific services or interfaces.
37.4.2

Method List

Since the authentication for users can be implemented in a variety of ways, you need to use
the method list to define the sequence of using different methods to perform authentication
for the users. The method list can define one or more security protocols for authentication,
so that there are backup systems available for the authentication in case of the failure of the
first method. Our product works with the first method in the method list for user
authentication, and then selects the next method in the method list in case of no reply from
that method. This process goes on till an authentication method listed successfully allows
communication or all methods listed are used up. If all methods listed are used up but the
communication is not allowed, it declares failure of authentication.
Caution
Figure 37-11 A typical AAA network configuration
37-2
Our product will try the next method only when there is no reply from a
method. During the authentication, if the user access is refused by a
method, the authentication process ends and no other methods will be
attempted.
DGS-3610 Series Configuration Guide
Server
Server